From 0e4f3ac464b80573b3dab8761dfba54771da0128 Mon Sep 17 00:00:00 2001
From: joda-odoo <joda@odoo.com>
Date: Tue, 16 May 2023 09:43:42 +0000
Subject: [PATCH] [FIX] tools: avoid crashes if expression is too large
When passing a very large expression to `literal_eval`, the odoo server crashes. To avoid this behavior, a limit needs to be set by using the env varaible `ODOO_LIMIT_LITEVAL_BUFFER`. If the variable is not set, it defaults to 100Kib.
closes odoo/odoo#121547
X-original-commit: 1b44748c955e4b998ac58abe6444a721bc5ace41
Signed-off-by: Vranckx Florian (flvr) <flvr@odoo.com>
---
 odoo/tools/_monkeypatches.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/odoo/tools/_monkeypatches.py b/odoo/tools/_monkeypatches.py
index 40e337151ddf..f6e6eb4b5b70 100644
--- a/odoo/tools/_monkeypatches.py
+++ b/odoo/tools/_monkeypatches.py
@@ -1,5 +1,10 @@
+import ast
+import os
+import logging
 from shutil import copyfileobj
+_logger = logging.getLogger(__name__)
+
 from werkzeug.datastructures import FileStorage
 try:
@@ -22,3 +27,26 @@ else:
 xlsx.Element_has_iter = True
 FileStorage.save = lambda self, dst, buffer_size=1<<20: copyfileobj(self.stream, dst, buffer_size)
+
+orig_literal_eval = ast.literal_eval
+
+def literal_eval(expr):
+ # limit the size of the expression to avoid segmentation faults
+ # the default limit is set to 100KiB
+ # can be overridden by setting the ODOO_LIMIT_LITEVAL_BUFFER buffer_size_environment variable
+
+ buffer_size = 102400
+ buffer_size_env = os.getenv("ODOO_LIMIT_LITEVAL_BUFFER")
+
+ if buffer_size_env:
+ if buffer_size_env.isdigit():
+ buffer_size = int(buffer_size_env)
+ else:
+ _logger.error("ODOO_LIMIT_LITEVAL_BUFFER has to be an integer, defaulting to 100KiB")
+
+ if len(expr) > buffer_size:
+ raise ValueError("expression can't exceed buffer limit")
+
+ return orig_literal_eval(expr)
+
+ast.literal_eval = literal_eval
-- GitLab
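Review bot: `len(expr)` in the new `literal_eval` wrapper (second hunk) assumes a string, but `ast.literal_eval` also accepts an already-parsed AST node, so callers that pass a node would get a `TypeError` from the size check instead of an evaluation; guard it with `if isinstance(expr, str) and len(expr) > buffer_size:`. The wrapper also renames the stdlib parameter `node_or_string` to `expr`, which breaks keyword calls on the globally patched function. `ODOO_LIMIT_LITEVAL_BUFFER` is read and validated on every call, so a malformed value logs an error per evaluation; resolving the limit once at import time avoids that. Note that `isdigit()` accepts `0` (every non-empty expression is then rejected) and characters such as `²` that `int()` refuses, so `try: int(...)` with a positive-value check is the safer validation. A length cap bounds input size but not nesting depth, so it presumably narrows rather than fully removes the crash described in the commit message; a short comment saying so above the check would keep callers from treating it as a complete guard for untrusted input.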