wwbmmm opened a new pull request, #3353: URL: https://github.com/apache/brpc/pull/3353
### What problem does this PR solve?

Issue Number: null

Problem Summary: AMF parsing accepted declared string lengths and array counts directly from the input stream. Malformed RTMP/AMF payloads could make the parser reserve excessive memory or spend a long time walking impossible element counts before discovering that the stream was incomplete.

### What is changed and the side effects?

Changed:
- Add configurable AMF string and array limits.
- Read AMF string bodies incrementally instead of resizing the destination string to the declared length up front.
- Reject ECMA array and strict array counts above the configured limit before parsing their elements.
- Add RTMP AMF unit tests for truncated long strings and oversized array counts.

Side effects:
- Performance effects: AMF string parsing now copies through a small stack buffer, avoiding large zero-fill allocations for malformed payloads.
- Breaking backward compatibility: AMF payloads whose string length or array count exceed the new defaults will be rejected. The defaults are 64 MiB per string and 1,048,576 array elements.

---

### Check List:
- Please make sure your changes are compilable.
- When providing us with a new feature, it is best to add related tests.
- Please follow [Contributor Covenant Code of Conduct](https://github.com/apache/brpc/blob/master/CODE_OF_CONDUCT.md).

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
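
The bounded parsing described in the PR, as an added sketch that is not brpc's code: the declared length is checked against a limit before any body byte is read, the string grows only by bytes actually received, and array counts are rejected before any element is parsed. `ByteStream`, the function names and the constant names are hypothetical; the two limits are the defaults quoted in the description, and the 4-byte big-endian length/count fields follow the AMF0 long string, ECMA array and strict array encodings.

```cpp
// Added illustration; all names are hypothetical, not brpc's API.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Defaults quoted in the PR description.
constexpr uint32_t kMaxStringBytes = 64u << 20;  // 64 MiB
constexpr uint32_t kMaxArrayCount = 1048576u;

// Stand-in for a network stream: read() may return fewer bytes than asked.
struct ByteStream {
    const uint8_t* data;
    size_t left;
    size_t read(void* dst, size_t n) {
        n = std::min(n, left);
        if (n) std::memcpy(dst, data, n);
        data += n;
        left -= n;
        return n;
    }
};

static bool read_u32_be(ByteStream& s, uint32_t* v) {
    uint8_t b[4];
    if (s.read(b, 4) != 4) return false;
    *v = (uint32_t(b[0]) << 24) | (uint32_t(b[1]) << 16) | (uint32_t(b[2]) << 8) | b[3];
    return true;
}

// Body of an AMF0 long string (after the 0x0C marker): u32 length, then bytes.
bool read_long_string(ByteStream& s, std::string* out) {
    uint32_t declared = 0;
    out->clear();
    if (!read_u32_be(s, &declared) || declared > kMaxStringBytes) return false;
    char buf[512];  // memory grows with bytes received, not bytes declared
    for (uint32_t remaining = declared; remaining > 0;) {
        size_t got = s.read(buf, std::min<size_t>(remaining, sizeof(buf)));
        if (got == 0) return false;  // stream ended before the declared length
        out->append(buf, got);
        remaining -= uint32_t(got);
    }
    return true;
}

// Count field of an ECMA (0x08) or strict (0x0A) array, checked before any element is parsed.
bool read_array_count(ByteStream& s, uint32_t* count) {
    return read_u32_be(s, count) && *count <= kMaxArrayCount;
}
```
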
