Enchantrix

History

google-labs-jules[bot] f51ef1b52e feat: Add fuzz test and fix OOM vulnerability This commit introduces a fuzz test for the `Decode` function in the `trix` package. This test immediately uncovered a critical out-of-memory (OOM) vulnerability. - Adds a new fuzz test, `FuzzDecode`, to `pkg/trix/fuzz_test.go` to continuously test the `Decode` function with a wide range of malformed inputs. - Fixes a denial-of-service vulnerability where a malicious input could specify an extremely large header length, causing the application to crash due to an out-of-memory error. - Introduces a `MaxHeaderSize` constant (16MB) and a check in the `Decode` function to ensure that the header length does not exceed this limit. - Adds a new error, `ErrHeaderTooLarge`, to provide clear feedback when the header size limit is exceeded.	2025-11-02 02:21:21 +00:00
..
FuzzDecode	feat: Add fuzz test and fix OOM vulnerability	2025-11-02 02:21:21 +00:00

google-labs-jules[bot] f51ef1b52e feat: Add fuzz test and fix OOM vulnerability

This commit introduces a fuzz test for the `Decode` function in the `trix` package. This test immediately uncovered a critical out-of-memory (OOM) vulnerability.

-   Adds a new fuzz test, `FuzzDecode`, to `pkg/trix/fuzz_test.go` to continuously test the `Decode` function with a wide range of malformed inputs.
-   Fixes a denial-of-service vulnerability where a malicious input could specify an extremely large header length, causing the application to crash due to an out-of-memory error.
-   Introduces a `MaxHeaderSize` constant (16MB) and a check in the `Decode` function to ensure that the header length does not exceed this limit.
-   Adds a new error, `ErrHeaderTooLarge`, to provide clear feedback when the header size limit is exceeded.

2025-11-02 02:21:21 +00:00

FuzzDecode

feat: Add fuzz test and fix OOM vulnerability

2025-11-02 02:21:21 +00:00