Skip to content

fix(decode): cap alloc limits and fix flag check for OOM safety#34

Merged
xe-nvdk merged 1 commit intov6from
fix/alloc-limit-bugs
Feb 28, 2026
Merged

fix(decode): cap alloc limits and fix flag check for OOM safety#34
xe-nvdk merged 1 commit intov6from
fix/alloc-limit-bugs

Conversation

@xe-nvdk
Copy link
Copy Markdown
Member

@xe-nvdk xe-nvdk commented Feb 28, 2026

Summary

  • Cap decodeSlice() allocation at sliceAllocLimit (1M) to prevent OOM from malicious payloads claiming huge array lengths
  • Cap DecodeMap() allocation at maxMapSize (1M) — same OOM vector for the map[string]interface{} path used by Arc's *interface{} fast path
  • Fix disableAllocLimitFlag check in decodeSliceValue!= 1 was always true because the flag value is 1 << 3 = 8, so growSliceValue() alloc limit was never applied
  • Fix error message in DecodeFloat64 — said "decoding float32" instead of "decoding float64"
  • Add v6 changelog

Closes #1, closes #13.

Test plan

@xe-nvdk
fix(decode): cap alloc limits and fix flag check for OOM safety
1ec3037 
Cap decodeSlice() and DecodeMap() allocations at sliceAllocLimit/maxMapSize
to prevent OOM from malicious payloads. Fix disableAllocLimitFlag comparison
(!= 1 was always true since the flag is 1<<3=8). Fix DecodeFloat64 error
message that incorrectly said "float32".

Closes #1, closes #13.
@xe-nvdk xe-nvdk merged commit ada9880 into v6 Feb 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Incorrect error message in float64 decode: says 'float32' (upstream #352) Memory safety: decodeSlice trusts untrusted input for allocation size

1 participant

@xe-nvdk