  1. CouchDB
  2. COUCHDB-3046

Improve reduce function overflow protection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Database Core
    • Labels:
      None

      Description

      The protection algorithm:

      https://github.com/apache/couchdb/blob/master/share/server/views.js#L36-L41

      When enabled, it looks at couchjs' reduce command input and output line lengths (as stringified JSON). If 2*len(output) > len(input) and len(output) > 200 then an error is triggered.

      There are a few issues in that scheme:

      • No mode to first log failures only. This way a user can handle bad reduce functions as a warning rather than as a failed query result.
      • Input line contains the length of the reduce function code itself. A large reduce function body (say 100KB) might skew the result and allow through a reduce function with larger than needed output (without tripping the error).
      • On the other hand, output size checking threshold is too small = 200. It prevents functions using single large accumulator object (say with fields like .sum, .count, .stddev, and so on) from working. The size of output will be > 200 but, even though it won't be growing it will still be prevented from running.
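
A model of the check as the description states it, run against constructed cases for the second and third issues above. This is an added example, not CouchDB's views.js code; the command line shape `["reduce", [funSrc], rows]`, the sample rows, the histogram accumulator and all helper names are assumptions.

```javascript
// Model of the rule as the description states it (not CouchDB's views.js code).
const THRESHOLD = 200; // output-length threshold quoted in the description

function tripsOverflow(inputLine, outputLine) {
  return 2 * outputLine.length > inputLine.length && outputLine.length > THRESHOLD;
}

// Assumed shape of the reduce command line: ["reduce", [funSrc], rows].
function reduceLine(funSrc, rows) {
  return JSON.stringify(["reduce", [funSrc], rows]);
}

// Constructed sample rows: [[key, docId], value].
function makeRows(n) {
  return Array.from({ length: n }, (_, i) => [[i, "doc" + i], i]);
}

// Bad reduce: output grows with input (echoes every row back).
const echoAll = (rows) => rows;

// Fixed-size accumulator: same set of fields no matter how many rows come in.
function stats(rows) {
  const acc = { count: 0, sum: 0, min: Infinity, max: -Infinity, sumsqr: 0,
                histogram: new Array(100).fill(0) };
  for (const [, v] of rows) {
    acc.count++; acc.sum += v; acc.sumsqr += v * v;
    acc.min = Math.min(acc.min, v); acc.max = Math.max(acc.max, v);
    acc.histogram[v % 100]++;
  }
  return acc;
}

// Runs a reduce over rows and applies the check to the resulting line lengths.
function check(funSrc, reduceFn, rows) {
  const out = JSON.stringify(reduceFn(rows));
  return { outputLength: out.length, tripped: tripsOverflow(reduceLine(funSrc, rows), out) };
}

const SMALL_SRC = "function(keys, values) { /* ... */ }";
const PADDED_SRC = SMALL_SRC + "/*" + "x".repeat(100 * 1024) + "*/"; // ~100KB body

const results = {
  echoSmallBody: check(SMALL_SRC, echoAll, makeRows(50)),   // growing output, caught
  echoPaddedBody: check(PADDED_SRC, echoAll, makeRows(50)), // same output, slips through
  statsFewRows: check(SMALL_SRC, stats, makeRows(10)),      // bounded output, rejected
  statsManyRows: check(SMALL_SRC, stats, makeRows(5000)),   // bounded output, accepted
};
console.log(results);
```

The two `stats` cases use the same accumulator; only the number of input rows differs, which is what decides whether the check fires.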

              People

              • Assignee:
                Unassigned
                Reporter:
                vatamane Nick Vatamaniuc