indygreg added a comment.

  In https://phab.mercurial-scm.org/D3845#60316, @durin42 wrote:
  
  > It's been recommended to me that we avoid the streaming flavor of
  >  cbor, so we'd probably just do one-shot messages.
  
  
  Out of curiosity, could you elaborate?
  
  One of the critiques against CBOR is that naive consumption of streaming data
  types can lead to resource exhaustion, e.g. by streaming a very large byte
  string. Of course, resource exhaustion can occur without streaming as well if
  the sender sends a very large document. Parsers need to deal with resource
  exhaustion regardless.
  
  Anyway, I don't believe ``cbor2`` prevents the use of the streaming types.
  Nor does it have support for limiting bytes read. For the latter, we have
  ``util.cappedreader`` which can expose a minimal wrap of a file object. But it
  needs work to be used in the context of limiting resource consumption (e.g. it
  should throw a reasonable error if an overrun is encountered).

REPOSITORY
  rHG Mercurial

REVISION DETAIL
  https://phab.mercurial-scm.org/D3845

To: hooper, #hg-reviewers
Cc: indygreg, yuja, durin42, mercurial-devel
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
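
The two gaps named in the comment above (streaming types are accepted, and reads are unbounded), sketched as an added example that is not part of the original message and is not Mercurial's or cbor2's code. `BoundedReader`, `LimitExceeded`, `read_head` and `read_bytestring` are hypothetical names, the item-head layout follows RFC 8949, and the sample inputs are constructed.

```python
import io

class LimitExceeded(Exception):
    """Raised when the decoder asks for more bytes than the budget allows."""

class BoundedReader:
    """Hypothetical file wrapper: overruns raise instead of truncating silently."""
    def __init__(self, fh, limit):
        self._fh = fh
        self._left = limit

    def read(self, n):
        # Check the budget before reading, so a huge declared length
        # never causes an allocation of that size.
        if n > self._left:
            raise LimitExceeded("need %d bytes, %d left in budget" % (n, self._left))
        data = self._fh.read(n)
        if len(data) != n:
            raise EOFError("truncated input")
        self._left -= n
        return data

def read_head(reader):
    """Decode one CBOR item head and return (major type, argument)."""
    initial = reader.read(1)[0]
    major, info = initial >> 5, initial & 0x1F
    if info < 24:
        return major, info
    if info <= 27:  # argument follows in 1, 2, 4 or 8 bytes
        return major, int.from_bytes(reader.read(1 << (info - 24)), "big")
    if info == 31:
        raise ValueError("indefinite-length (streaming) item rejected")
    raise ValueError("reserved additional info %d" % info)

def read_bytestring(reader):
    """Read one definite-length byte string, staying inside the budget."""
    major, length = read_head(reader)
    if major != 2:
        raise ValueError("expected byte string, got major type %d" % major)
    return reader.read(length)

# Constructed sample inputs (not taken from any real repository traffic).
SAMPLE_OK = b"\x43abc"               # 3-byte definite-length byte string
SAMPLE_STREAMING = b"\x5f\x41a\xff"  # indefinite-length byte string
SAMPLE_HUGE = b"\x5b" + b"\xff" * 8  # head declaring 2**64 - 1 bytes

if __name__ == "__main__":
    print(read_bytestring(BoundedReader(io.BytesIO(SAMPLE_OK), 16)))
```
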