atharvalade opened a new issue, #3129:
URL: https://github.com/apache/iggy/issues/3129
`DeserializeFetchMessagesResponse` in Go SDK calls `panic()` when S2
decompression fails, instead of returning an error.
```go
payloadSlice, err = s2.Decode(nil, payloadSlice)
if err != nil {
panic("iggy: failed to decode s2 payload: " + err.Error())
}
```
A truncated or corrupt compressed message from the server crashes the entire
Go client process. This is a DoS vector clients should never panic on bad
server data.
We should return error instead of calling panic.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
