The GitHub Actions job "Fory CI" on fory.git/fix-fory-inputstream-quadratic-growth has failed. Run started by GitHub user temni (triggered by temni).
Head commit for run: e89c7a7a8c69eea2122057e016093adbf96515a9 / Evgeniy Kirichenko <[email protected]> perf(java): avoid quadratic buffer growth in stream deserialization ForyInputStream.fillBuffer and ForyReadableChannel.fillBuffer grew the internal buffer to the exact target size: the available()-verified fast path allocated exactly targetSize, and the fallback nextBufferSize was capped with Math.min(grown, targetSize). Since the stream buffer accumulates the whole payload during one deserialize() call, the buffer was always exactly full after a fill, so every small read (for example readByte -> fillBuffer(1)) reallocated and copied the entire buffer. Stream deserialization was O(n^2) overall and multi-MB payloads appeared to hang at 100% CPU inside growBuffer. Grow by at least a doubling step instead: the verified fast path grows to max(targetSize, 2 * capacity), and the fallback doubles without the targetSize cap. Allocation on the unverified path stays bounded by roughly twice the bytes actually received, so truncated or hostile streams still fail before large buffers are reserved. The growth policy now lives in one place: ForyStreamReader gains a MAX_BUFFER_SIZE constant (largest array size commonly supported by JVMs) and a static nextBufferSize(int) helper used by both readers. The stream-fill growth guidance in docs/security/deserialization.md is updated to match. Co-Authored-By: Claude Fable 5 <[email protected]> Claude-Session: https://claude.ai/code/session_01EnqiU1ARyovGifhbfLkCfz Report URL: https://github.com/apache/fory/actions/runs/28585462617 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
