pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: vlsi (@vlsi) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] PR #4016: feat: harden protocol reader against desynced streams (#4015)
Date: Tue, 26 May 2026 08:50:35 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
I pushed an update that narrows the configurable part further.
The current split is:
* protocol/envelope invariants always fail in every mode and mark the stream broken
* `pgjdbc.protocolHardeningMode` only applies to four pgjdbc-chosen soft caps:
* `NotificationResponse > 1 MiB`
* `ParameterStatus > 1 MiB`
* `AuthenticationRequest > 8 + 2 MiB`
* `AuthenticationGSSContinue > 8 + 2 MiB`
`readMessageLength(name, min, max)` now treats `max` as an unconditional protocol-derived hard cap. Soft caps are implemented as explicit inline checks through `failOnDesync(...)`, so the code mirrors the PR description.
On the review/testing concern: I agree this needs careful review. Could you clarify what concrete testing or review evidence would make this mergeable? For example, would green CI plus the targeted malformed-stream tests in this PR be sufficient, or is there a specific external workload/environment you want exercised?
view thread (21+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] PR #4016: feat: harden protocol reader against desynced streams (#4015)
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox