Description
The maxDrawlistBytes config option is only validated as a positive integer with requirePositiveInt(), but has no upper bound. In contrast, maxEventBytes is capped at MAX_SAFE_EVENT_BYTES (4 MiB) via requirePositiveIntAtMost(). This inconsistency means a misconfigured or malicious config value could attempt to allocate arbitrarily large buffers.
Context
- File: packages/core/src/app/createApp/config.ts:97-99
- Component: App configuration / memory safety
Current Behavior
    const maxDrawlistBytes =
      config.maxDrawlistBytes === undefined
        ? DEFAULT_CONFIG.maxDrawlistBytes
        : requirePositiveInt("maxDrawlistBytes", config.maxDrawlistBytes);

While maxEventBytes does:

    const maxEventBytes =
      config.maxEventBytes === undefined
        ? DEFAULT_CONFIG.maxEventBytes
        : requirePositiveIntAtMost("maxEventBytes", config.maxEventBytes, MAX_SAFE_EVENT_BYTES);
A consumer passing { maxDrawlistBytes: 2 << 30 } (2 GiB) would be accepted without error, potentially causing OOM crashes at runtime when the drawlist buffer is allocated.
Expected Behavior
maxDrawlistBytes should have an upper bound consistent with the project's memory safety approach, similar to maxEventBytes.
Suggested Fix
const MAX_SAFE_FPS_CAP = 1000;
const MAX_SAFE_EVENT_BYTES = 4 << 20; /* 4 MiB */
+const MAX_SAFE_DRAWLIST_BYTES = 8 << 20; /* 8 MiB */
// ...
const maxDrawlistBytes =
config.maxDrawlistBytes === undefined
? DEFAULT_CONFIG.maxDrawlistBytes
- : requirePositiveInt("maxDrawlistBytes", config.maxDrawlistBytes);
+ : requirePositiveIntAtMost("maxDrawlistBytes", config.maxDrawlistBytes, MAX_SAFE_DRAWLIST_BYTES);
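Review bot: The added MAX_SAFE_DRAWLIST_BYTES line gives the size (8 MiB) but not the reason for it, and it is twice MAX_SAFE_EVENT_BYTES with nothing in the hunk saying why; a short comment tying the figure to the largest drawlist the renderer is expected to handle would let a later reader judge whether the cap can move. Because the replaced requirePositiveInt call accepted any positive integer, a config above 8 MiB that was accepted before will now be rejected, so the change should come with a changelog entry and tests at exactly 8 << 20 and at (8 << 20) + 1.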
Note: The default is 2 << 20 (2 MiB) which is already well within bounds. An 8 MiB cap gives headroom for complex UIs while preventing pathological configs.
Impact
- Severity: low-medium — requires explicit misconfiguration, but the inconsistency with maxEventBytes could confuse consumers
- Affects anyone constructing AppConfig with very large maxDrawlistBytes
Positively — happy to submit a PR if this is welcome.
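The difference between the current and the proposed validation, as an added TypeScript example that is not the project's code: the bodies of requirePositiveInt and requirePositiveIntAtMost and the resolveUnbounded, resolveBounded and outcome helpers are assumptions, and only the 2 MiB default and the 8 MiB cap come from the issue.

```typescript
// Added illustration. The helper bodies are assumed, not the project's code.
const DEFAULT_MAX_DRAWLIST_BYTES = 2 << 20; // 2 MiB default stated in the issue
const MAX_SAFE_DRAWLIST_BYTES = 8 << 20; // 8 MiB cap proposed in the issue

// Assumed behavior of requirePositiveInt(): positive integer, no ceiling.
function requirePositiveInt(name: string, value: unknown): number {
  if (typeof value !== "number" || !isFinite(value) ||
      Math.floor(value) !== value || value <= 0) {
    throw new RangeError(`${name} must be a positive integer, got ${String(value)}`);
  }
  return value;
}

// Assumed behavior of requirePositiveIntAtMost(): same check plus an upper bound.
function requirePositiveIntAtMost(name: string, value: unknown, max: number): number {
  const n = requirePositiveInt(name, value);
  if (n > max) throw new RangeError(`${name} must be <= ${max}, got ${n}`);
  return n;
}

type DrawlistConfig = { maxDrawlistBytes?: number };

// Current behavior described in the issue: any positive integer passes.
function resolveUnbounded(config: DrawlistConfig): number {
  return config.maxDrawlistBytes === undefined
    ? DEFAULT_MAX_DRAWLIST_BYTES
    : requirePositiveInt("maxDrawlistBytes", config.maxDrawlistBytes);
}

// Proposed behavior: reject values above the cap before a buffer is sized from them.
function resolveBounded(config: DrawlistConfig): number {
  return config.maxDrawlistBytes === undefined
    ? DEFAULT_MAX_DRAWLIST_BYTES
    : requirePositiveIntAtMost("maxDrawlistBytes", config.maxDrawlistBytes, MAX_SAFE_DRAWLIST_BYTES);
}

// Runs a resolver and reports "ok:<bytes>" or "rejected: <reason>".
function outcome(resolve: (c: DrawlistConfig) => number, config: DrawlistConfig): string {
  try {
    return `ok:${resolve(config)}`;
  } catch (e) {
    return "rejected: " + (e instanceof Error ? e.message : String(e));
  }
}

// Constructed input: 2 GiB spelled out by multiplication, because JavaScript's <<
// works on 32-bit signed integers and 2 << 30 evaluates to -2147483648.
const TWO_GIB = 2 * 1024 * 1024 * 1024;
```

Calling outcome(resolveUnbounded, { maxDrawlistBytes: TWO_GIB }) and outcome(resolveBounded, { maxDrawlistBytes: TWO_GIB }) side by side shows the same config accepted by the first and rejected by the second.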