-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose zlib limited output buffer size functionality. #592
Conversation
The summary line of the commit message is too long and/or ends with a "." Bad message: Expose zlib limited output buffer size functionality. I am a script, I am not human |
03afeac
to
56fdbbf
Compare
Fixed |
You left a typo in the commit message: "functiomality". Nice feature, otherwise. |
56fdbbf
to
372252b
Compare
@nox oups! Fixed. |
aa0a5c3
to
ab4fb5f
Compare
Patch has passed first testings and has been assigned to be reviewed I am a script, I am not human |
+1. |
Thanks, looks good, but I have a few comments about style. I have added my comments directly to the commit. |
This functionality may be useful for compressed streams with high compression ratio (in case of gzip it may be up to x1000), when small amount of compressed data will produce large amount of uncompressed output. This may lead to DoS attacks, because server easily goes out of memory. Example of such high compression ratio stream: ``` dd if=/dev/zero of=sparse.bin bs=1MB count=100 # 100mb of zeroes gzip sparse.bin # 95kb sparse.bin.gz $ erl > {ok, Compressed} = file:read_file("sparse.bin.gz"), > 97082 = size(Compressed), > Uncompressed = zlib:gunzip(Compressed), > 100000000 = iolist_size(Uncompressed). ```
ab4fb5f
to
b24651c
Compare
Fixed |
Patch has passed first testings and has been assigned to be reviewed I am a script, I am not human |
Will this make it into OTP 18? |
@essen that is the plan. If it pass the tests |
Great, this patch is exactly what I need to support gzip decoding in Zotonic. 👍 |
Merged to master |
This functionality may be useful for compressed streams with high compression ratio (in case of gzip it may be up to x1000), when small amount of compressed input will produce large amount of uncompressed output. This may lead to DoS attacks, because server easily goes out of memory.
Example of such high compression ratio stream:
Imagine HTTP client, which download such
Content-Encoding: gzip
stream from remote WWW host.So, suggested solution will look like this:
And yes, it uses existing
zlib:setBufSize/2
to configure output chunk size.