Found by fuzzing and also by plain auditing, if I pass in a large integer into `(*Rand).Str`, like in this test, it'll consume boundless amounts of memory until it is killed by my kernel
![Screen Shot 2023-05-04 at 11 14 57 PM](https://user-images.githubusercontent.com/4898263/236320096-6c78ea3d-f466-4c11-872e-f8d9ee5b499c.png)
Explanation
Due to its logic that just tries to get alphanumeric strings of the input length, with no length limits, it'll keep doing lots of work and consume endless amounts of memory
iavl/internal/rand/random.go
Lines 90 to 110 in d0241db
Suggestion
Please make a reasonable limit to the number of characters that can be max produced or if this function isn't used, mark it as deprecated and delete it eventually
/cc @elias-orijtech
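One way to apply the length limit suggested in this issue, as an added example that is not iavl's code: `boundedStr`, `newSeeded`, `errTooLong` and `maxStrLen` are hypothetical names, and the cap value is an assumption to be tuned for real callers.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// maxStrLen is an assumed cap for this example, not a value from the project.
const maxStrLen = 1 << 16

const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

var errTooLong = errors.New("requested length exceeds maxStrLen")

// newSeeded (hypothetical helper) returns a deterministic generator for tests.
func newSeeded(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// boundedStr (hypothetical helper) returns a random alphanumeric string of the
// requested length and rejects oversized requests before allocating anything.
func boundedStr(r *rand.Rand, length int) (string, error) {
	if length <= 0 {
		return "", nil
	}
	if length > maxStrLen {
		return "", errTooLong
	}
	out := make([]byte, 0, length) // one allocation, bounded by maxStrLen
	for len(out) < length {
		val := r.Int63() // 63 random bits, consumed 6 at a time
		for i := 0; i < 10 && len(out) < length; i++ {
			if v := int(val & 0x3f); v < len(alphanum) { // skip 62 and 63 to avoid bias
				out = append(out, alphanum[v])
			}
			val >>= 6
		}
	}
	return string(out), nil
}

func main() {
	r := newSeeded(1) // fixed seed, constructed input
	for _, n := range []int{-1, 0, 16, maxStrLen, 1 << 30} {
		s, err := boundedStr(r, n)
		fmt.Printf("n=%d len=%d err=%v\n", n, len(s), err)
	}
}
```

A fuzz target that feeds arbitrary integers to such a function can then assert that every call either returns a string of exactly the requested length or returns `errTooLong`.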