
builtin: enforce MemoryBudget for split and splitAfter#938

Open
thesmartshadow wants to merge 1 commit into expr-lang:master from thesmartshadow:fix/memorybudget-split-safe

Conversation

@thesmartshadow

Summary

Fixes a MemoryBudget bypass where allocation-heavy builtins compiled via OpCall* were not accounted, allowing large heap allocations despite a small vm.VM.MemoryBudget.

What changed

  • Convert split and splitAfter from FuncSafe so allocations are charged via OpCallSafe + vm.memGrow.
  • Add regression tests to ensure MemoryBudget blocks large split/splitAfter outputs.

Why

split/splitAfter can produce very large slices from attacker-controlled input (common in rule engines / policy evaluators). With this change, those allocations are properly budgeted and will return memory budget exceeded when the budget is too small.

Tests

  • go test ./...
  • Added: TestMemoryBudget_SplitBuiltin, TestMemoryBudget_SplitAfterBuiltin
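
A minimal model of the budgeted call path the PR describes, added here as an illustration and not code from expr-lang/expr or from this PR: the builtin returns its result together with the memory it consumed, and the VM charges that amount against MemoryBudget before handing the result back, so an oversized split is rejected instead of allocated unchecked. BudgetVM, SplitSafe, CallSafe and the one-budget-unit-per-element cost are assumptions of this model, not the project's types.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)
var ErrMemoryBudget = errors.New("memory budget exceeded")

// SplitSafe wraps strings.Split and reports one budget unit per produced element.
func SplitSafe(args ...any) (any, uint, error) {
	s, ok1 := args[0].(string)
	sep, ok2 := args[1].(string)
	if !ok1 || !ok2 {
		return nil, 0, errors.New("split: expected (string, string)")
	}
	parts := strings.Split(s, sep)
	return parts, uint(len(parts)), nil
}

// BudgetVM models the accounting: memGrow accumulates charged allocations and rejects the one that exceeds MemoryBudget.
type BudgetVM struct{ MemoryBudget, memory uint }
func (vm *BudgetVM) memGrow(size uint) error {
	vm.memory += size
	if vm.memory > vm.MemoryBudget {
		return ErrMemoryBudget
	}
	return nil
}

// CallSafe is the budgeted call path: the size a builtin reports is charged before its result is returned.
func (vm *BudgetVM) CallSafe(fn func(...any) (any, uint, error), args ...any) (any, error) {
	out, size, err := fn(args...)
	if err != nil {
		return nil, err
	}
	if err := vm.memGrow(size); err != nil {
		return nil, err
	}
	return out, nil
}

func main() {
	input := strings.Repeat("a,", 10000) // constructed input: splits into 10001 elements
	vm := &BudgetVM{MemoryBudget: 1000}
	_, err := vm.CallSafe(SplitSafe, input, ",")
	fmt.Println("budget 1000:", err) // memory budget exceeded
}
```

Charges accumulate on the same VM, so several splits that each fit the budget are still rejected once their total passes it.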
