Skip to content

fix: HttpBody::read_all for large bodies#1444

Merged
zkat merged 5 commits intomainfrom
sy/body-read-all-large
May 1, 2026
Merged

fix: HttpBody::read_all for large bodies#1444
zkat merged 5 commits intomainfrom
sy/body-read-all-large

Conversation

@TartanLlama
Copy link
Copy Markdown
Contributor

@TartanLlama TartanLlama commented Apr 29, 2026

Currently, the buffer allocated for HttpBody::read_all is of a fixed size. We do check for overflow, but we do this check after writing into the buffer, so we potentially leak returned data somewhere else in memory before returning an error. This PR makes the buffer dynamically-sized, and performs overflow checks earlier.

We also could potentially hit issues with 0-length bodies. Currently, this pattern should never be hit, as we only call this function for ACL lookups and KV store lists, which return non-empty JSON in all paths, so there's no test for this behaviour; it is simply being defensive against future host changes or new uses of read_all.

@TartanLlama TartanLlama marked this pull request as ready for review April 29, 2026 14:16
@zkat zkat force-pushed the sy/body-read-all-large branch 3 times, most recently from 1f610fc to 9c57fba Compare May 1, 2026 17:47
@zkat zkat enabled auto-merge (squash) May 1, 2026 22:26
@zkat zkat force-pushed the sy/body-read-all-large branch from da869ed to 0be29ec Compare May 1, 2026 22:35
@zkat zkat merged commit 99f45b5 into main May 1, 2026
29 checks passed
@zkat zkat deleted the sy/body-read-all-large branch May 1, 2026 22:45
@github-actions github-actions Bot mentioned this pull request May 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zkat zkat zkat approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TartanLlama @zkat