Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(tonic): respect max_message_size when decompressing a message #2484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LucioFranco merged 2 commits into from
Jan 28, 2026
Merged

fix(tonic): respect max_message_size when decompressing a message #2484

LucioFranco merged 2 commits into from
Jan 28, 2026
+160 −5

Conversation

@bmwill
Copy link
Contributor

@bmwill bmwill commented Jan 18, 2026

This patch fixes a bug where the configured max_message_size is not respected when a payload is compressed, leading the possibility of over allocating and exhausting memory over the configured maximum message size when decompressing the message.

Motivation

When compression is enabled, and a compressed message is sent or received, the configured max_message_size (for both clients and servers) is only checked against the compressed message size and that limit is not respected for the resulting uncompressed message, which can lead to resource exhaustion.

Solution

Respect the configured, or default, max_message_size limit while decompressing a message, returning an error if the resultant decompressed message would exceed the limit.

@bmwill
fix(tonic): respect max_message_size when decompressing a message
bd08011 
This patch fixes a bug where the configured max_message_size is not
respected when a payload is compressed, leading the possibility of over
allocating and exhausting memory over the configured maximum message
size when decompressing the message.
@bmwill
Copy link
Contributor Author

bmwill commented Jan 18, 2026

Let me know if you'd like me to open up an identical PR against the v0.14.x branch to make it easier to do a patch release with the fix.

LucioFranco
LucioFranco reviewed Jan 26, 2026
View reviewed changes
@LucioFranco LucioFranco merged commit c1e6206 into hyperium:master Jan 28, 2026
20 checks passed
@LucioFranco LucioFranco mentioned this pull request Jan 28, 2026
Merged
LucioFranco added a commit that referenced this pull request Jan 28, 2026
@LucioFranco
Prepare v0.14.3 release (#2489)
ed4bafc 
# Changelog for v0.14.3

## Features

- Expose `tcp_keepalive_interval` and `tcp_keepalive_retries` options on
Server (#2472)
- Allow configuration of `max_local_error_reset_streams` on Server
(#2437)
- Put source error into the `Display` impl of `Status` (#2417)
- `Server::default()` now sets `TCP_NODELAY` to true (#2413)

## Bug Fixes

- Respect `max_message_size` when decompressing a message (#2484)
- Depend on http at least 1.1.0 (#2426)

## Documentation

- Fix documentation links for timeout configuration (#2483)
- Fix documentation typos and grammar issues in status.rs and
codec/mod.rs (#2468)
- Fix labels in `Display for Status` (#2414)
- Fix features docs in tonic-build and tonic-prost-build (#2434)
- Remove redundant word in tonic-build and tonic-prost-build README
(#2425)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LucioFranco LucioFranco LucioFranco approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bmwill @LucioFranco