The text phase reads .pony source files with file.read_string(file.size()) without a size check. This is the same unbounded-read pattern that was fixed for config files (#5133 / PR #5138) and ignore files (#5137).
Source files are explicitly user-specified targets (not implicitly discovered from every directory like config/ignore files), so the risk is lower. But a malicious or accidentally large .pony file would still be read entirely into memory.
Flagged independently by the Adversarial and Security review personas during code review of the ignore file size bound change.
The text phase reads .pony source files with
file.read_string(file.size())without a size check. This is the same unbounded-read pattern that was fixed for config files (#5133 / PR #5138) and ignore files (#5137).Source files are explicitly user-specified targets (not implicitly discovered from every directory like config/ignore files), so the risk is lower. But a malicious or accidentally large .pony file would still be read entirely into memory.
Flagged independently by the Adversarial and Security review personas during code review of the ignore file size bound change.