Affects Version/s: None
Fix Version/s: None
Component/s: Database Core
The protection algorithm:
When enabled, looks at couchjs' reduce command input and output line lengths (as stringy-fied json). If 2*len(output) > len(input) and len(output) > 200 then an error is triggered.
There a few issues in that scheme:
- No mode to first log failures only. This way user can handle bad reduce functions as a warning rather than as a failed query result.
- Input line contains the length of the reduce function code itself. A large reduce function body (say 100KB) might skew the result and allow allow through reduce function with larger than needed output (without tripping the error).
- On the other hand, output size checking threshold is too small = 200. It prevents functions using single large accumulator object (say with fields like .sum, .count, .stddev, and so on) from working. The size of output will be > 200 but, even though it won't be growing it will still be prevented from running.