[4.3.x] cherrypicks (#1460)

cdisselkoen · adpaco-aws · web-flow · commit 7a808085e87c · 2025-02-07T16:17:21.000-05:00
Signed-off-by: Adrian Palacios &lt;accorell@amazon.com&gt;
Signed-off-by: Craig Disselkoen &lt;cdiss@amazon.com&gt;
Co-authored-by: Adrian Palacios &lt;73246657+adpaco-aws@users.noreply.github.com&gt;
diff --git a/cedar-policy-core/src/evaluator.rs b/cedar-policy-core/src/evaluator.rs
@@ -34,7 +34,6 @@ use itertools::{Either, Itertools};
 use nonempty::nonempty;
 use smol_str::SmolStr;
 
-#[cfg(not(target_arch = "wasm32"))]
 const REQUIRED_STACK_SPACE: usize = 1024 * 100;
 
 // PANIC SAFETY `Name`s in here are valid `Name`s
@@ -1108,11 +1107,9 @@ impl Value {
 
 #[inline(always)]
 fn stack_size_check() -> Result<()> {
-    #[cfg(not(target_arch = "wasm32"))]
-    {
-        if stacker::remaining_stack().unwrap_or(0) < REQUIRED_STACK_SPACE {
-            return Err(EvaluationError::recursion_limit(None));
-        }
+    // We assume there's enough space if we cannot determine it with `remaining_stack`
+    if stacker::remaining_stack().unwrap_or(REQUIRED_STACK_SPACE) < REQUIRED_STACK_SPACE {
+        return Err(EvaluationError::recursion_limit(None));
     }
     Ok(())
 }
diff --git a/cedar-policy-core/src/evaluator/err.rs b/cedar-policy-core/src/evaluator/err.rs
@@ -321,7 +321,6 @@ impl EvaluationError {
     }
 
     /// Construct a [`RecursionLimit`] error
-    #[cfg(not(target_arch = "wasm32"))]
     pub(crate) fn recursion_limit(source_loc: Option<Loc>) -> Self {
         evaluation_errors::RecursionLimitError { source_loc }.into()
     }
diff --git a/cedar-policy-validator/src/typecheck.rs b/cedar-policy-validator/src/typecheck.rs
@@ -47,7 +47,6 @@ use cedar_policy_core::{
     expr_builder::ExprBuilder as _,
 };
 
-#[cfg(not(target_arch = "wasm32"))]
 const REQUIRED_STACK_SPACE: usize = 1024 * 100;
 
 /// Basic result for typechecking
@@ -352,8 +351,8 @@ impl<'a> SingleEnvTypechecker<'a> {
         e: &'b Expr,
         type_errors: &mut Vec<ValidationError>,
     ) -> TypecheckAnswer<'b> {
-        #[cfg(not(target_arch = "wasm32"))]
-        if stacker::remaining_stack().unwrap_or(0) < REQUIRED_STACK_SPACE {
+        // We assume there's enough space if we cannot determine it with `remaining_stack`
+        if stacker::remaining_stack().unwrap_or(REQUIRED_STACK_SPACE) < REQUIRED_STACK_SPACE {
             return TypecheckAnswer::RecursionLimit;
         }
 
diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs
@@ -873,6 +873,11 @@ impl Authorizer {
     /// The authorizer uses the `stacker` crate to manage stack size and tries to use a sane default.
     /// If the default is not right for you, you can try wrapping the authorizer or individual calls
     /// to `is_authorized` in `stacker::grow`.
+    /// Note that on platforms not supported by `stacker` (e.g., Wasm, Android),
+    /// the authorizer will simply assume that the stack size is sufficient. As a result, large inputs
+    /// may result in stack overflows and crashing the process.
+    /// But on all platforms supported by `stacker` (Linux, macOS, ...), Cedar will return the
+    /// graceful error `RecursionLimit` instead of crashing.
     /// ```
     /// # use cedar_policy::{Authorizer, Context, Entities, EntityId, EntityTypeName,
     /// # EntityUid, Request,PolicySet};

Original file line number	Diff line number	Diff line change
`@@ -321,7 +321,6 @@ impl EvaluationError {`
`321`	`321`	`}`
`322`	`322`
`323`	`323`	/// Construct a [`RecursionLimit`] error
`324`		`- #[cfg(not(target_arch = "wasm32"))]`
`325`	`324`	`pub(crate) fn recursion_limit(source_loc: Option<Loc>) -> Self {`
`326`	`325`	`evaluation_errors::RecursionLimitError { source_loc }.into()`
`327`	`326`	`}`