From 1b44748c955e4b998ac58abe6444a721bc5ace41 Mon Sep 17 00:00:00 2001
From: joda-odoo <joda@odoo.com>
Date: Tue, 16 May 2023 09:43:42 +0000
Subject: [PATCH] [FIX] tools: avoid crashes if expression is too large

When passing a very large expression to `literal_eval`, the odoo server crashes.
To avoid this behavior, a limit needs to be set by using the env variable `ODOO_LIMIT_LITEVAL_BUFFER`.
If the variable is not set, it defaults to 100KiB.

closes odoo/odoo#121530

Signed-off-by: Vranckx Florian (flvr) <flvr@odoo.com>
---
 odoo/tools/_monkeypatches.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/odoo/tools/_monkeypatches.py b/odoo/tools/_monkeypatches.py
index 40e337151ddf..a2d24a640019 100644
--- a/odoo/tools/_monkeypatches.py
+++ b/odoo/tools/_monkeypatches.py
@@ -1,3 +1,5 @@
+import ast
+import os
 from shutil import copyfileobj
 
 from werkzeug.datastructures import FileStorage
@@ -22,3 +24,17 @@ else:
     xlsx.Element_has_iter = True
 
 FileStorage.save = lambda self, dst, buffer_size=1<<20: copyfileobj(self.stream, dst, buffer_size)
+
+orig_literal_eval = ast.literal_eval
+
+def literal_eval(expr):
+    # limit the size of the expression to avoid segmentation faults
+    # the default limit is set to 100KiB
+    # can be overridden by setting the ODOO_LIMIT_LITEVAL_BUFFER environment variable
+    buffer_size = os.getenv("ODOO_LIMIT_LITEVAL_BUFFER") or 1.024e5
+    if len(expr) > int(buffer_size):
+        raise ValueError("expression can't exceed buffer limit")
+
+    return orig_literal_eval(expr)
+
+ast.literal_eval = literal_eval
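Review bot: The replacement `literal_eval` calls `len(expr)` unconditionally, but `ast.literal_eval` also accepts an already-parsed `ast.AST` node, so any caller passing a node now gets a `TypeError` from the guard instead of a result; the size check should only apply to strings (and bytes) — `if isinstance(expr, (str, bytes)) and len(expr) > LITEVAL_BUFFER_LIMIT:`. The environment variable is also re-read and converted with `int()` on every call, so a non-integer setting (including the `1.024e5` style the default uses) turns into a `ValueError` at each call site rather than a single failure at import time; parsing it once at module level, `LITEVAL_BUFFER_LIMIT = int(os.getenv("ODOO_LIMIT_LITEVAL_BUFFER") or 1.024e5)`, makes a misconfiguration surface immediately and keeps the hot path free of env lookups. Note as well that the patch only protects callers that resolve `ast.literal_eval` at call time; code that did `from ast import literal_eval` before `_monkeypatches` was imported presumably still holds the unpatched function, which is worth a comment next to `ast.literal_eval = literal_eval`. The crash being mitigated is triggered by parser recursion on deeply nested input, so a byte-length cap is an indirect bound (each nesting level costs at least one character); the comment `# limit the size of the expression to avoid segmentation faults` would be clearer as `# cap input length: deeply nested literals exhaust the C stack in the parser, and nesting depth is bounded by length`.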
-- 
GitLab