Window Operator: Unbounded Memory Growth Vulnerability #44

@kxrxh

Description

The WindowOperator accumulates items in memory without bounds checking when using TriggerAllFunc (or the default nil trigger), causing potential OOM failures.

Vulnerable Code: operators/window/operator.go:109

itemWindow = append(itemWindow, itemVal)  // No bounds check!

Issue:

  • TriggerAllFunc never triggers until source closes
  • Items accumulate indefinitely in memory
  • No maximum size limit

Impact

  • OOM Risk: Memory grows unbounded - no limit exists
  • Real-World Scenarios:
    • IoT sensor stream (1 item/sec): 100k items ≈ 9 MB, 1M items ≈ 90 MB
    • HTTP request body: Large uploads can exhaust memory
    • Long-running streams: Accumulates indefinitely until source closes
  • Fog Computing: Critical for resource-constrained devices (256MB-2GB RAM)
  • DoS Vulnerability: Malicious clients can exhaust server memory

Proposed Solution

Add a SetMaxSize() method to enforce a maximum window size. When the limit is reached, the window auto-triggers.

windowOp := window.Batch[string]()
windowOp.SetMaxSize(10000)  // Force trigger at 10K items
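To show the two behaviours side by side, here is an added, self-contained Go example. It is not the project's code: the BoundedWindow type, the TriggerFunc shape and the Run helper are hypothetical stand-ins that model the proposal (a never-firing "trigger all" function plus an optional cap that forces a flush). The SetMaxSize name follows the proposal above, but its body here is this example's own implementation, and the item stream is constructed inline.

```go
package main

import (
	"fmt"
	"log"
)

// TriggerFunc reports whether the accumulated window should be emitted.
// Hypothetical shape used only for this example, not the project's type.
type TriggerFunc[T any] func(window []T) bool

// triggerAll never fires, so the window only flushes when the source
// closes. This reproduces the reported accumulate-until-close behaviour.
func triggerAll[T any](_ []T) bool { return false }

// BoundedWindow is a minimal stand-in for a batch window operator with an
// optional size cap. A maxSize of 0 keeps the original unbounded behaviour.
type BoundedWindow[T any] struct {
	trigger  TriggerFunc[T]
	maxSize  int
	buf      []T
	emitted  [][]T
	peak     int // largest number of items resident at once (measurement only)
	limitHit int // how many times the cap forced a flush
}

// NewBoundedWindow falls back to the never-firing trigger when nil is given,
// mirroring the "default nil trigger" case described in the issue.
func NewBoundedWindow[T any](trigger TriggerFunc[T]) *BoundedWindow[T] {
	if trigger == nil {
		trigger = triggerAll[T]
	}
	return &BoundedWindow[T]{trigger: trigger}
}

// SetMaxSize enables the cap (hypothetical implementation). Once the buffer
// holds n items the window is emitted immediately, so at most n items are
// ever resident regardless of how long the source stays open.
func (w *BoundedWindow[T]) SetMaxSize(n int) {
	if n < 0 {
		n = 0
	}
	w.maxSize = n
}

// flush copies the buffer out as one window and resets it.
func (w *BoundedWindow[T]) flush() {
	if len(w.buf) == 0 {
		return
	}
	out := make([]T, len(w.buf))
	copy(out, w.buf)
	w.emitted = append(w.emitted, out)
	w.buf = w.buf[:0]
}

// Push appends one item, then applies the user trigger and finally the cap.
func (w *BoundedWindow[T]) Push(item T) {
	w.buf = append(w.buf, item)
	if len(w.buf) > w.peak {
		w.peak = len(w.buf)
	}
	if w.trigger(w.buf) {
		w.flush()
		return
	}
	if w.maxSize > 0 && len(w.buf) >= w.maxSize {
		w.limitHit++
		log.Printf("window reached max size %d; forcing trigger", w.maxSize)
		w.flush()
	}
}

// Close emits whatever is left; the trigger-all mode relies on this.
func (w *BoundedWindow[T]) Close() [][]T {
	w.flush()
	return w.emitted
}

// Run feeds n constructed items through a window (maxSize 0 = unbounded)
// and returns the emitted windows plus the peak number of items held.
func Run(n, maxSize int) (windows [][]int, peak int) {
	w := NewBoundedWindow[int](nil)
	if maxSize > 0 {
		w.SetMaxSize(maxSize)
	}
	for i := 0; i < n; i++ {
		w.Push(i)
	}
	return w.Close(), w.peak
}

func main() {
	w, peak := Run(25, 0)
	fmt.Printf("unbounded:  %d window(s), peak %d items\n", len(w), peak)
	w, peak = Run(25, 10)
	fmt.Printf("maxSize=10: %d window(s), peak %d items\n", len(w), peak)
}
```

With the cap unset, the 25-item source yields a single window only at Close and the buffer peaks at 25; with SetMaxSize(10) the same source yields windows of 10, 10 and 5 and never holds more than 10 items. The cap is checked after the user trigger so an explicit trigger keeps precedence, and the final partial window still drains on Close.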

Contribution

I would like to contribute a fix for this issue:

  • Add maxSize field and SetMaxSize() method
  • Add bounds checking before append
  • Add warning log when limit reached
  • Add comprehensive unit tests

Metadata

Assignees

No one assigned

Labels

No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests