[FIX] tools: avoid crashes if expression is too large

When passing a very large expression to `literal_eval`, the odoo server crashes. To avoid this behavior, a limit needs to be set by using the env varaible `ODOO_LIMIT_LITEVAL_BUFFER`. If the variable is not set, it defaults to 100Kib. closes odoo/odoo#121547 X-original-commit: 1b44748c Signed-off-by: Vranckx Florian (flvr) <flvr@odoo.com>

[FIX] tools: avoid crashes if expression is too large
0e4f3ac4 · joda-odoo · 7735e70a · 0e4f3ac4
Commit 0e4f3ac4 authored 1 year ago by joda-odoo
--- a/odoo/tools/_monkeypatches.py
+++ b/odoo/tools/_monkeypatches.py
+import ast
+import os
+import logging
 from shutil import copyfileobj

+_logger = logging.getLogger(__name__)
+
 from werkzeug.datastructures import FileStorage

 try:
@@ -22,3 +27,26 @@ else:
    xlsx.Element_has_iter = True

 FileStorage.save = lambda self, dst, buffer_size=1<<20: copyfileobj(self.stream, dst, buffer_size)
+
+orig_literal_eval = ast.literal_eval
+
+def literal_eval(expr):
+    # limit the size of the expression to avoid segmentation faults
+    # the default limit is set to 100KiB
+    # can be overridden by setting the ODOO_LIMIT_LITEVAL_BUFFER buffer_size_environment variable
+
+    buffer_size = 102400
+    buffer_size_env = os.getenv("ODOO_LIMIT_LITEVAL_BUFFER")
+
+    if buffer_size_env:
+        if buffer_size_env.isdigit():
+            buffer_size = int(buffer_size_env)
+        else:
+            _logger.error("ODOO_LIMIT_LITEVAL_BUFFER has to be an integer, defaulting to 100KiB")
+
+    if len(expr) > buffer_size:
+        raise ValueError("expression can't exceed buffer limit")
+
+    return orig_literal_eval(expr)
+
+ast.literal_eval = literal_eval