Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
The protection algorithm:
https://github.com/apache/couchdb/blob/master/share/server/views.js#L36-L41
When enabled, looks at couchjs' reduce command input and output line lengths (as stringy-fied json). If 2*len(output) > len(input) and len(output) > 200 then an error is triggered.
There a few issues in that scheme:
- No mode to first log failures only. This way user can handle bad reduce functions as a warning rather than as a failed query result.
- Input line contains the length of the reduce function code itself. A large reduce function body (say 100KB) might skew the result and allow allow through reduce function with larger than needed output (without tripping the error).
- On the other hand, output size checking threshold is too small = 200. It prevents functions using single large accumulator object (say with fields like .sum, .count, .stddev, and so on) from working. The size of output will be > 200 but, even though it won't be growing it will still be prevented from running.
Attachments
Issue Links
- links to
