Check git blob size against cumulative limit before reading it.

This avoids exhausting RAM when reading e.g. a repository with a single
extremely large file. Note that there is still a risk of exhausting
space in `/tmp`.

V12-Ref: F-77211
Catherine
2026-05-30 16:05:52 +00:00
parent 577bd04d53
commit ec66cdb6b4
+8 -8
@@ -214,6 +214,14 @@ func readGitBlob(
return fmt.Errorf("git blob %s: %w", hash, err)
}
*bytesTransferred += blob.Size
if uint64(*bytesTransferred) > config.Limits.MaxSiteSize.Bytes() {
return fmt.Errorf("%w: fetch exceeds %s limit",
ErrRepositoryTooLarge,
config.Limits.MaxSiteSize.HR(),
)
}
reader, err := blob.Reader()
if err != nil {
return fmt.Errorf("git blob open: %w", err)
@@ -238,14 +246,6 @@ func readGitBlob(
entry.OriginalSize = proto.Int64(blob.Size)
entry.CompressedSize = proto.Int64(blob.Size)
*bytesTransferred += blob.Size
if uint64(*bytesTransferred) > config.Limits.MaxSiteSize.Bytes() {
return fmt.Errorf("%w: fetch exceeds %s limit",
ErrRepositoryTooLarge,
config.Limits.MaxSiteSize.HR(),
)
}
return nil
}
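Review bot: The relocated check in the first hunk budgets against `blob.Size`, the size declared by the object, and the second hunk still records `blob.Size` as `OriginalSize` and `CompressedSize` rather than the number of bytes actually read. The read itself sits between the two hunks and is not visible here, so it is unclear whether it is bounded. If it is an unbounded read of `reader`, an object whose content is larger than its declared size would still be pulled into memory past the limit. Consider capping the read with `io.LimitReader(reader, blob.Size)` and returning an error when the byte count differs from `blob.Size`, so the accounting and the stored sizes match what was transferred. A short comment above the check would also help, e.g. `// Enforce the cumulative limit before opening the blob so an oversized object is rejected without being read.`; readGitBlob begins outside these hunks.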