Bound buffer for reading stats (#14542)

knative-prow-robot · evankanderson · web-flow · commit 012ee2509231 · 2023-10-19T05:29:02.000Z
Co-authored-by: Evan Anderson &lt;evan.k.anderson@gmail.com&gt;
diff --git a/pkg/autoscaler/metrics/http_scrape_client.go b/pkg/autoscaler/metrics/http_scrape_client.go
@@ -82,7 +82,9 @@ func statFromProto(body io.Reader) (Stat, error) {
 	b := pool.Get().(*bytes.Buffer)
 	b.Reset()
 	defer pool.Put(b)
-	_, err := b.ReadFrom(body)
+	// 6 8-byte fields (+2 bytes marshalling), one hostname, 20 bytes extra space
+	r := io.LimitedReader{R: body, N: 6*10 + 256 + 20}
+	_, err := b.ReadFrom(&r)
 	if err != nil {
 		return emptyStat, fmt.Errorf("reading body failed: %w", err)
 	}
diff --git a/pkg/autoscaler/metrics/http_scrape_client_test.go b/pkg/autoscaler/metrics/http_scrape_client_test.go
@@ -95,6 +95,21 @@ func TestHTTPScrapeClientScrapeProtoErrorCases(t *testing.T) {
 		responseCode: http.StatusOK,
 		responseType: "text/html",
 		expectedErr:  errUnsupportedMetricType.Error(),
+	}, {
+		name:         "LongStat",
+		responseCode: http.StatusOK,
+		responseType: "application/protobuf",
+		stat: Stat{
+			// We don't expect PodName to be 600 characters long
+			PodName:                          strings.Repeat("a123456789", 60),
+			AverageConcurrentRequests:        1.1,
+			AverageProxiedConcurrentRequests: 1.1,
+			RequestCount:                     33.2,
+			ProxiedRequestCount:              33.2,
+			ProcessUptime:                    12345.678,
+			Timestamp:                        1697431278,
+		},
+		expectedErr: "unmarshalling failed: unexpected EOF",
 	}}
 
 	for _, test := range testCases {
