fix(parser): apply recursion limit everywhere, reduce default to 500 #662
Merged
goto-bus-stop
approved these changes
Sep 27, 2023
sweet!
SimonSapin
added a commit
to apollographql/router
that referenced
this pull request
Nov 14, 2023
The previous default of 4096 was too high. I can reliably make the Router process (compiled in release mode) abort with a stack overflow with ~2400 nested selection sets. `deeply_nested.rs` demonstrates it. It is a "benchmark" because that’s an easy way to get access to a Router compiled in release mode. It is not run on CI because CI currently does not compile in release mode.

Note that the Router cannot handle response JSON data more nested than 128 levels anyway: `serde_json::Deserializer` has its own recursion limit, hard-coded to 128. It can be disabled (with both run-time *and* compile-time opt-in) but not changed.

Our corpus of 5.3 million operations from customers has 8 entries that use more recursion than the new default.

See also:

* apollographql/apollo-rs#662
* apollographql/apollo-rs#721
Geal
pushed a commit
to apollographql/router
that referenced
this pull request
Nov 29, 2023
The previous default of 4096 was too high. I can reliably make the Router process (compiled in release mode) abort with a stack overflow with ~2400 nested selection sets. `deeply_nested.rs` demonstrates it. It is a "benchmark" because that’s an easy way to get access to a Router compiled in release mode. It is not run on CI because CI currently does not compile in release mode.

Note that the Router cannot handle response JSON data more nested than 128 levels anyway: `serde_json::Deserializer` has its own recursion limit, hard-coded to 128. It can be disabled (with both run-time *and* compile-time opt-in) but not changed.

Our corpus of 5.3 million operations from customers has 8 entries that use more recursion than the new default.

See also:

* apollographql/apollo-rs#662
* apollographql/apollo-rs#721

---

**Checklist**

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

- [x] Changes are compatible[^1]
- [x] Documentation[^2] completed
- [ ] Performance impact assessed and acceptable
- Tests added and passing[^3]
    - [ ] Unit Tests
    - [ ] Integration Tests
    - [x] Manual Tests

**Exceptions**

*Note any exceptions here*

**Notes**

[^1]: It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this.
[^2]: Configuration is an important part of many changes. Where applicable please try to document configuration examples.
[^3]: Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions.
Sorry for the noisy diff!
This adds a new test in `crates/apollo-parser/src/parser/mod.rs` that would cause stack overflows without the new uses of limits. See also comments in that same file about the change of default limit.
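
The failure mode discussed in this PR and in the referencing commits, as an added Rust example (not code from apollo-parser or the Router): a recursive-descent parser that checks a depth limit at the top of its recursive production returns an error for deeply nested selection sets instead of overflowing the stack. The `Parser`, `parse` and `nested` names and the grammar (names and braces only) are assumptions made for this example; the limit of 500 is the new default named in the PR title.

```rust
// Added example: recursive-descent parser for nested selection sets such as
// `{ a { b } }`. All names are hypothetical; this is not apollo-parser's API.
#[derive(Debug, PartialEq)]
pub enum ParseError { RecursionLimit { limit: usize }, Unexpected { pos: usize } }

struct Parser<'a> { src: &'a [u8], pos: usize, depth: usize, high: usize, limit: usize }

impl Parser<'_> {
    fn skip_ws(&mut self) {
        while matches!(self.src.get(self.pos), Some(b' ' | b'\n' | b',')) { self.pos += 1; }
    }
    // selection_set := '{' (name selection_set?)* '}', entered with `pos` on '{'.
    fn selection_set(&mut self) -> Result<(), ParseError> {
        // Guard at the top of the recursive production: no path descends uncounted.
        if self.depth >= self.limit {
            return Err(ParseError::RecursionLimit { limit: self.limit });
        }
        self.depth += 1;
        self.high = self.high.max(self.depth);
        self.pos += 1; // consume '{'
        loop {
            self.skip_ws();
            match self.src.get(self.pos) {
                Some(b'}') => { self.pos += 1; break; }
                Some(c) if c.is_ascii_alphanumeric() => {
                    while self.src.get(self.pos).map_or(false, u8::is_ascii_alphanumeric) {
                        self.pos += 1;
                    }
                    self.skip_ws();
                    if self.src.get(self.pos) == Some(&b'{') { self.selection_set()?; }
                }
                _ => return Err(ParseError::Unexpected { pos: self.pos }),
            }
        }
        self.depth -= 1;
        Ok(())
    }
}
// Returns the deepest nesting level reached, or the first error.
pub fn parse(src: &str, limit: usize) -> Result<usize, ParseError> {
    let mut p = Parser { src: src.as_bytes(), pos: 0, depth: 0, high: 0, limit };
    p.skip_ws();
    if p.src.get(p.pos) != Some(&b'{') { return Err(ParseError::Unexpected { pos: p.pos }); }
    p.selection_set()?;
    p.skip_ws();
    if p.pos != p.src.len() { return Err(ParseError::Unexpected { pos: p.pos }); }
    Ok(p.high)
}
// Constructed input: `n` nested selection sets, e.g. n = 2 gives "{a{a}}".
pub fn nested(n: usize) -> String { "{a".repeat(n) + &"}".repeat(n) }
fn main() { println!("{:?}", parse(&nested(100_000), 500)); }
```

A grammar with several mutually recursive productions needs the same guard in each of them; one unguarded production is enough to reintroduce unbounded stack growth.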