Skip to content

feat(c++): Forced the limits of max size #3422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
garvittsingla wants to merge 3 commits into
base: main
Choose a base branch
from
+23 −0
Open

feat(c++): Forced the limits of max size #3422

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
04aa542
Forced the limits of max size
garvittsingla Feb 25, 2026
9d30759
Testing
garvittsingla Feb 26, 2026
4db37db
Fixed: Made getter methods in context to check max size limits
garvittsingla Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions cpp/fory/serialization/collection_serializer.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -394,6 +394,10 @@ template <typename T, typename Container>
inline Container read_collection_data_slow(ReadContext &ctx, uint32_t length) {
Container result;
if constexpr (has_reserve_v<Container>) {
if(length > ctx.max_collection_size()) {
ctx.set_error(Error::invalid_data("invalid collection size"));
return result;
}
result.reserve(length);
}

Expand Down Expand Up @@ -717,6 +721,10 @@ struct Serializer<
}

std::vector<T, Alloc> result;
if(length > ctx.max_collection_size()) {
ctx.set_error(Error::invalid_data("invalid collection size"));
return result;
}
result.reserve(length);

// Fast path: no tracking, no nulls, elements have declared type
Expand Down
5 changes: 5 additions & 0 deletions cpp/fory/serialization/config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,11 @@ struct Config {
/// When enabled, avoids duplicating shared objects and handles cycles.
bool track_ref = true;

//max limits fot map,lists and collections
uint32_t max_string_length = 64 * 1024 * 1024; // 64MB default max string length
uint32_t max_collection_size = 10 * 1000 * 1000; // 1M default max collection size
uint32_t max_map_size = 1 * 1000 * 1000; // 1M default max map size

/// Default constructor with sensible defaults
Config() = default;
};
Expand Down
6 changes: 6 additions & 0 deletions cpp/fory/serialization/context.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -359,6 +359,12 @@ class WriteContext {
/// ```
class ReadContext {
public:
/// get maximum allowed collection size.
inline uint32_t max_collection_size() const { return config_->max_collection_size; }

/// get maximum allowed map size.
inline uint32_t max_map_size() const { return config_->max_map_size; }

/// Construct read context with configuration and type resolver.
/// Takes ownership of the type resolver.
explicit ReadContext(const Config &config,
Expand Down
4 changes: 4 additions & 0 deletions cpp/fory/serialization/map_serializer.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -539,6 +539,10 @@ inline MapType read_map_data_fast(ReadContext &ctx, uint32_t length) {
"Fast path is for non-shared-ref types only");

MapType result;
if(length > ctx.max_map_size()) {
ctx.set_error(Error::invalid_data("Invalid map size"));
return result;
}
MapReserver<MapType>::reserve(result, length);

if (length == 0) {
Expand Down
Loading