wwbmmm opened a new pull request, #3344: URL: https://github.com/apache/brpc/pull/3344
### What problem does this PR solve? Issue Number: null Problem Summary: Redis replies and AMF payloads can contain nested container values. The parsers previously bounded per-container allocation sizes, but did not bound nesting depth. Very deep inputs could therefore consume excessive call stack while parsing. ### What is changed and the side effects? Changed: - Add `redis_max_reply_depth` to limit nested Redis array replies. - Add `amf_max_depth` to limit nested AMF objects and arrays. - Add regression tests for over-limit nested Redis replies and AMF strict arrays. Side effects: - Performance effects: negligible; parsing adds one integer depth check per nested container. - Breaking backward compatibility: inputs with Redis reply or AMF nesting deeper than the configured limit are rejected. --- ### Check List: - Please make sure your changes are compilable. - When providing us with a new feature, it is best to add related tests. - Please follow [Contributor Covenant Code of Conduct](https://github.com/apache/brpc/blob/master/CODE_OF_CONDUCT.md). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
