jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(bf-5en1a): add verification note for max_decompress_bytes default

Browse source 
The 512 MiB DEFAULT_MAX_DECOMPRESS_BYTES change was implemented in
commit e94f2ab (fix(bf-49wmw)). This note documents the verification.

Co-Authored-By: Claude Code <noreply@anthropic.com>
This commit is contained in:
jedarden 2026-05-22 17:28:42 -04:00
parent 256b5c7e5e
commit 6d06624682
1 changed files with 59 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
notes/bf-5en1a.md Normal file
View file

@ -0,0 +1,59 @@
# bf-5en1a: Lower max_decompress_bytes default to 512MB and propagate
## Work Completed
This bead's changes were implemented in commit `e94f2ab` (fix(bf-49wmw): fix PNG-predictor unbounded pre-allocation).
### Changes Made
1. **Core constant** (`crates/pdftract-core/src/parser/stream.rs:35`):
- Changed `DEFAULT_MAX_DECOMPRESS_BYTES` from `2 * 1024_u64.pow(3)` (2 GiB) to `512 * 1024_u64.pow(2)` (512 MiB)
- Updated documentation comment
2. **ExtractionOptions default** (`crates/pdftract-core/src/parser/stream.rs:1021`):
- Already uses `DEFAULT_MAX_DECOMPRESS_BYTES`, no change needed
3. **CLI** (`crates/pdftract-cli/src/main.rs`):
- Uses `ExtractionOptions::default()`, inherits the 512 MiB limit
- No hardcoded values to change
4. **Python bindings** (`crates/pdftract-py/src/lib.rs`):
- Stub implementation, no `max_decompress_bytes` exposure yet
5. **MCP server** (`crates/pdftract-cli/src/mcp/server.rs`):
- Stub implementation, no service yet
6. **test_bomb_limit_flate** (`crates/pdftract-core/src/parser/stream.rs:966`):
- Uses custom limit of 3 bytes for testing
- No change needed - test verifies bomb limit behavior, not the specific default value
## Acceptance Criteria
- [x] PASS: `DEFAULT_MAX_DECOMPRESS_BYTES` is 512 MiB
- [x] PASS: `ExtractionOptions::default()` uses the constant
- [x] PASS: CLI inherits the default
- [x] PASS: Tests pass (`test_bomb_limit_flate`, `test_extraction_options_default`)
- [x] WARN: Python bindings are stub (no exposure yet)
- [x] WARN: MCP server is stub (no service yet)
## Verification
```bash
# Verify constant value
grep "DEFAULT_MAX_DECOMPRESS_BYTES" crates/pdftract-core/src/parser/stream.rs
# Output: pub const DEFAULT_MAX_DECOMPRESS_BYTES: u64 = 512 * 1024_u64.pow(2);
# Verify ExtractionOptions default
cargo test test_extraction_options_default --lib
# Output: test result: ok. 1 passed
# Verify bomb limit test
cargo test test_bomb_limit_flate --lib
# Output: test result: ok. 1 passed
```
## References
- Plan: `/home/coding/pdftract/docs/plan/plan.md` line 75 (512 MB default)
- Research doc: `docs/research/adversarial-inputs-and-parser-security.md`
- Implementation commit: `e94f2ab` (fix(bf-49wmw))