Extension signature verification fails under Linux if file size limits are in effect #251037
Description
LIke many sites, we set a default file size ulimit to prevent users' runaway processes from consuming unlimited disk resources.
When attempting to install Visual Studio Code extensions with any file size limit less than 2TiB in place (cf. "grep 'Max file size' /proc/$$/limits"), signature verification fails with the message:
Cannot install '...' extension because Visual Studio Code cannot verify the extension signature
Signature verification failed with 'UnknownError' error.
Does this issue occur when all extensions are disabled?: N/A
- VS Code Version: 1.100.0, 1.100.3
- OS Version: AlmaLinux 8.10
Steps to Reproduce:
- Set a reasonable file size limit (e.g., "ulimit -f 25165824" from bash)
- Launch "code" from the shell prompt
- Go to 'View' => 'Extensions' (or Ctrl-Shift-X)
- Click on 'Install' for an extension
- Observe the error message above pops up.
- (optional) Run "/usr/share/code/resources/app/node_modules/@vscode/vsce-sign/bin/vsce-sign" from the shell prompt; observe the shell output "File size limit exceeded (core dumped)" (may vary by shell).
The problem appears to be caused by /usr/share/code/resources/app/node_modules/@vscode/vsce-sign/bin/vsce-sign being killed with SIGXFSZ upon trying to ftruncate() the file descriptor obtained from memfd_create("doublemapper", MFD_CLOEXEC) to a size of 2199023255552 (0x20000000000) bytes (2 TiB). It seems implausible that this much memory is required to perform signature verification.