Fix parser resource handling and generator integration issues#40
Conversation
- validate packed payload availability and enforce aggregate parsing and resource budgets - validate generator requests, descriptor graphs, output paths, output budgets, and formatter configuration - verify prebuilt protoc archives with pinned SHA-256 values, bounded transfer and extraction, and transactional replacement - tighten CMake option handling and remove obsolete debugger and namespace compatibility paths - regenerate smoke fixtures and expand documentation and regression coverage for hosted and freestanding C++20 builds
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0eddadb05c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
- validate runtime and include prefixes for direct GeneratorOptions construction - reject reserved transport parameters passed through CMake OPTIONS - document the reserved parameter namespace and add regression coverage
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b862156e04
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
- charge repeated and map limits before decoding or allocation - route nested parsing through a private runtime access gate so ReaderRef entry points retain top-level budgets - stream formatter stdout and stderr under the remaining output cap - add regression coverage, regenerate smoke outputs, and document formatter budget behavior
|
@codex review |
|
Codex Review: Didn't find any major issues. 👍 Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Summary
Reader::can_readpart of the required reader contract.protocarchives with pinned SHA-256 values, bounded download and extraction, and transactional replacement.Why
Malformed or oversized inputs could trigger avoidable allocation and processing before their complete payloads were known to be available. Embedded generator use also lacked operator-controlled request and output budgets, while CMake could accept runtime options it could not model consistently. The CI
protocbootstrap downloaded and extracted release archives without validating their configured digest or bounding archive work.Impact
Default local generator behavior remains unchanged unless an embedding caller supplies a
GeneratorPolicy. Runtime wire limits retain protobuf-compatible defaults; finite collection and allocation budgets are explicit application policy. Custom readers and scalar vectors must implement the now-requiredcan_read,append_trivial_range, andresize_for_overwritecontracts. Protocyte remains pre-1.0, so callers should update directly rather than depend on removed aliases or shims.Validation
clang-format --dry-run --Werroron all 7 touched C++ filesuv run ruff check .uv run pytest -q: 339 passed