Limit reading bytes instead of ReadAll (#35928)

wxiaoguang · web-flow · commit 372d24b84bc6 · 2025-11-12T19:44:49.000+08:00
diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
@@ -5,14 +5,14 @@ package actions
 
 import (
 	"bytes"
-	"io"
 	"slices"
 	"strings"
 
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/glob"
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	"github.com/nektos/act/pkg/jobparser"
@@ -77,7 +77,7 @@ func GetContentFromEntry(entry *git.TreeEntry) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	content, err := io.ReadAll(f)
+	content, err := util.ReadWithLimit(f, 1024*1024)
 	_ = f.Close()
 	if err != nil {
 		return nil, err
diff --git a/modules/issue/template/unmarshal.go b/modules/issue/template/unmarshal.go
@@ -5,7 +5,6 @@ package template
 
 import (
 	"fmt"
-	"io"
 	"path"
 	"strconv"
 
@@ -76,7 +75,7 @@ func unmarshalFromEntry(entry *git.TreeEntry, filename string) (*api.IssueTempla
 	}
 	defer r.Close()
 
-	content, err := io.ReadAll(r)
+	content, err := util.ReadWithLimit(r, 1024*1024)
 	if err != nil {
 		return nil, fmt.Errorf("read all: %w", err)
 	}
diff --git a/modules/packages/nuget/metadata.go b/modules/packages/nuget/metadata.go
@@ -216,7 +216,7 @@ func ParseNuspecMetaData(archive *zip.Reader, r io.Reader) (*Package, error) {
 	if p.Metadata.Readme != "" {
 		f, err := archive.Open(p.Metadata.Readme)
 		if err == nil {
-			buf, _ := io.ReadAll(f)
+			buf, _ := util.ReadWithLimit(f, 1024*1024)
 			m.Readme = string(buf)
 			_ = f.Close()
 		}
diff --git a/modules/packages/pub/metadata.go b/modules/packages/pub/metadata.go
@@ -89,7 +89,7 @@ func ParsePackage(r io.Reader) (*Package, error) {
 				return nil, err
 			}
 		} else if strings.EqualFold(hd.Name, "readme.md") {
-			data, err := io.ReadAll(tr)
+			data, err := util.ReadWithLimit(tr, 1024*1024)
 			if err != nil {
 				return nil, err
 			}
diff --git a/modules/util/io.go b/modules/util/io.go
@@ -29,7 +29,7 @@ func ReadAtMost(r io.Reader, buf []byte) (n int, err error) {
 // ReadWithLimit reads at most "limit" bytes from r into buf.
 // If EOF or ErrUnexpectedEOF occurs while reading, err will be nil.
 func ReadWithLimit(r io.Reader, n int) (buf []byte, err error) {
-	return readWithLimit(r, 1024, n)
+	return readWithLimit(r, 4*1024, n)
 }
 
 func readWithLimit(r io.Reader, batch, limit int) ([]byte, error) {
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
@@ -133,7 +133,7 @@ func wikiContentsByEntry(ctx *context.Context, entry *git.TreeEntry) []byte {
 		return nil
 	}
 	defer reader.Close()
-	content, err := io.ReadAll(reader)
+	content, err := util.ReadWithLimit(reader, 5*1024*1024) // 5MB should be enough for a wiki page
 	if err != nil {
 		ctx.ServerError("ReadAll", err)
 		return nil
diff --git a/services/issue/template.go b/services/issue/template.go
@@ -5,7 +5,6 @@ package issue
 
 import (
 	"fmt"
-	"io"
 	"net/url"
 	"path"
 	"strings"
@@ -15,6 +14,7 @@ import (
 	"code.gitea.io/gitea/modules/issue/template"
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 
 	"gopkg.in/yaml.v3"
 )
@@ -65,7 +65,7 @@ func GetTemplateConfig(gitRepo *git.Repository, path string, commit *git.Commit)
 
 	defer reader.Close()
 
-	configContent, err := io.ReadAll(reader)
+	configContent, err := util.ReadWithLimit(reader, 1024*1024)
 	if err != nil {
 		return GetDefaultTemplateConfig(), err
 	}
diff --git a/services/repository/generate.go b/services/repository/generate.go
@@ -7,7 +7,9 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -138,31 +140,37 @@ func (gt *giteaTemplateFileMatcher) Match(s string) bool {
 	return false
 }
 
-func readGiteaTemplateFile(tmpDir string) (*giteaTemplateFileMatcher, error) {
-	localPath := filepath.Join(tmpDir, ".gitea", "template")
-	if _, err := os.Stat(localPath); os.IsNotExist(err) {
-		return nil, nil
-	} else if err != nil {
+func readLocalTmpRepoFileContent(localPath string, limit int) ([]byte, error) {
+	ok, err := util.IsRegularFile(localPath)
+	if err != nil {
 		return nil, err
+	} else if !ok {
+		return nil, fs.ErrNotExist
 	}
 
-	content, err := os.ReadFile(localPath)
+	f, err := os.Open(localPath)
 	if err != nil {
 		return nil, err
 	}
+	defer f.Close()
+
+	return util.ReadWithLimit(f, limit)
+}
 
+func readGiteaTemplateFile(tmpDir string) (*giteaTemplateFileMatcher, error) {
+	localPath := filepath.Join(tmpDir, ".gitea", "template")
+	content, err := readLocalTmpRepoFileContent(localPath, 1024*1024)
+	if err != nil {
+		return nil, err
+	}
 	return newGiteaTemplateFileMatcher(localPath, content), nil
 }
 
 func substGiteaTemplateFile(ctx context.Context, tmpDir, tmpDirSubPath string, templateRepo, generateRepo *repo_model.Repository) error {
 	tmpFullPath := filepath.Join(tmpDir, tmpDirSubPath)
-	if ok, err := util.IsRegularFile(tmpFullPath); !ok {
-		return err
-	}
-
-	content, err := os.ReadFile(tmpFullPath)
+	content, err := readLocalTmpRepoFileContent(tmpFullPath, 1024*1024)
 	if err != nil {
-		return err
+		return util.Iif(errors.Is(err, fs.ErrNotExist), nil, err)
 	}
 	if err := util.Remove(tmpFullPath); err != nil {
 		return err
@@ -172,7 +180,7 @@ func substGiteaTemplateFile(ctx context.Context, tmpDir, tmpDirSubPath string, t
 	substSubPath := filepath.Clean(filePathSanitize(generateExpansion(ctx, tmpDirSubPath, templateRepo, generateRepo)))
 	newLocalPath := filepath.Join(tmpDir, substSubPath)
 	regular, err := util.IsRegularFile(newLocalPath)
-	if canWrite := regular || os.IsNotExist(err); !canWrite {
+	if canWrite := regular || errors.Is(err, fs.ErrNotExist); !canWrite {
 		return nil
 	}
 	if err := os.MkdirAll(filepath.Dir(newLocalPath), 0o755); err != nil {
@@ -242,15 +250,15 @@ func generateRepoCommit(ctx context.Context, repo, templateRepo, generateRepo *r
 
 	// Variable expansion
 	fileMatcher, err := readGiteaTemplateFile(tmpDir)
-	if err != nil {
-		return fmt.Errorf("readGiteaTemplateFile: %w", err)
-	}
-
-	if fileMatcher != nil {
+	if err == nil {
 		err = processGiteaTemplateFile(ctx, tmpDir, templateRepo, generateRepo, fileMatcher)
 		if err != nil {
-			return err
+			return fmt.Errorf("processGiteaTemplateFile: %w", err)
 		}
+	} else if errors.Is(err, fs.ErrNotExist) {
+		log.Debug("skip processing repo template files: no available .gitea/template")
+	} else {
+		return fmt.Errorf("readGiteaTemplateFile: %w", err)
 	}
 
 	if err = git.InitRepository(ctx, tmpDir, false, templateRepo.ObjectFormatName); err != nil {
diff --git a/services/repository/generate_test.go b/services/repository/generate_test.go
@@ -4,6 +4,7 @@
 package repository
 
 import (
+	"io/fs"
 	"os"
 	"path/filepath"
 	"testing"
@@ -175,6 +176,31 @@ func TestProcessGiteaTemplateFile(t *testing.T) {
 		// subst from a link, skip, and the target is unchanged
 		assertSymLink("subst-${TEMPLATE_NAME}-from-link", tmpDir+"/sub/link-target")
 	}
+
+	{
+		templateFilePath := tmpDir + "/.gitea/template"
+
+		_ = os.Remove(templateFilePath)
+		_, err := os.Lstat(templateFilePath)
+		require.ErrorIs(t, err, fs.ErrNotExist)
+		_, err = readGiteaTemplateFile(tmpDir) // no template file
+		require.ErrorIs(t, err, fs.ErrNotExist)
+
+		_ = os.WriteFile(templateFilePath+".target", []byte("test-data-target"), 0o644)
+		_ = os.Symlink(templateFilePath+".target", templateFilePath)
+		content, _ := os.ReadFile(templateFilePath)
+		require.Equal(t, "test-data-target", string(content))
+		_, err = readGiteaTemplateFile(tmpDir) // symlinked template file
+		require.ErrorIs(t, err, fs.ErrNotExist)
+
+		_ = os.Remove(templateFilePath)
+		_ = os.WriteFile(templateFilePath, []byte("test-data-regular"), 0o644)
+		content, _ = os.ReadFile(templateFilePath)
+		require.Equal(t, "test-data-regular", string(content))
+		fm, err := readGiteaTemplateFile(tmpDir) // regular template file
+		require.NoError(t, err)
+		assert.Len(t, fm.globs, 1)
+	}
 }
 
 func TestTransformers(t *testing.T) {
diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go
@@ -30,6 +30,7 @@ import (
 	"code.gitea.io/gitea/modules/queue"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 )
 
@@ -264,7 +265,7 @@ func Deliver(ctx context.Context, t *webhook_model.HookTask) error {
 		t.ResponseInfo.Headers[k] = strings.Join(vals, ",")
 	}
 
-	p, err := io.ReadAll(resp.Body)
+	p, err := util.ReadWithLimit(resp.Body, 1024*1024)
 	if err != nil {
 		t.ResponseInfo.Body = fmt.Sprintf("read body: %s", err)
 		return fmt.Errorf("unable to deliver webhook task[%d] in %s as unable to read response body: %w", t.ID, w.URL, err)

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,6 @@ package template`
`5`	`5`
`6`	`6`	`import (`
`7`	`7`	`"fmt"`
`8`		`- "io"`
`9`	`8`	`"path"`
`10`	`9`	`"strconv"`
`11`	`10`
`@@ -76,7 +75,7 @@ func unmarshalFromEntry(entry git.TreeEntry, filename string) (api.IssueTempla`
`76`	`75`	`}`
`77`	`76`	`defer r.Close()`
`78`	`77`
`79`		`- content, err := io.ReadAll(r)`
	`78`	`+ content, err := util.ReadWithLimit(r, 1024*1024)`
`80`	`79`	`if err != nil {`
`81`	`80`	`return nil, fmt.Errorf("read all: %w", err)`
`82`	`81`	`}`
Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ func ParseNuspecMetaData(archive zip.Reader, r io.Reader) (Package, error) {`
`216`	`216`	`if p.Metadata.Readme != "" {`
`217`	`217`	`f, err := archive.Open(p.Metadata.Readme)`
`218`	`218`	`if err == nil {`
`219`		`- buf, _ := io.ReadAll(f)`
	`219`	`+ buf, _ := util.ReadWithLimit(f, 1024*1024)`
`220`	`220`	`m.Readme = string(buf)`
`221`	`221`	`_ = f.Close()`
`222`	`222`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ func ParsePackage(r io.Reader) (*Package, error) {`
`89`	`89`	`return nil, err`
`90`	`90`	`}`
`91`	`91`	`} else if strings.EqualFold(hd.Name, "readme.md") {`
`92`		`- data, err := io.ReadAll(tr)`
	`92`	`+ data, err := util.ReadWithLimit(tr, 1024*1024)`
`93`	`93`	`if err != nil {`
`94`	`94`	`return nil, err`
`95`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func ReadAtMost(r io.Reader, buf []byte) (n int, err error) {`
`29`	`29`	`// ReadWithLimit reads at most "limit" bytes from r into buf.`
`30`	`30`	`// If EOF or ErrUnexpectedEOF occurs while reading, err will be nil.`
`31`	`31`	`func ReadWithLimit(r io.Reader, n int) (buf []byte, err error) {`
`32`		`- return readWithLimit(r, 1024, n)`
	`32`	`+ return readWithLimit(r, 4*1024, n)`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`func readWithLimit(r io.Reader, batch, limit int) ([]byte, error) {`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ func wikiContentsByEntry(ctx context.Context, entry git.TreeEntry) []byte {`
`133`	`133`	`return nil`
`134`	`134`	`}`
`135`	`135`	`defer reader.Close()`
`136`		`- content, err := io.ReadAll(reader)`
	`136`	`+ content, err := util.ReadWithLimit(reader, 510241024) // 5MB should be enough for a wiki page`
`137`	`137`	`if err != nil {`
`138`	`138`	`ctx.ServerError("ReadAll", err)`
`139`	`139`	`return nil`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ import (`
`30`	`30`	`"code.gitea.io/gitea/modules/queue"`
`31`	`31`	`"code.gitea.io/gitea/modules/setting"`
`32`	`32`	`"code.gitea.io/gitea/modules/timeutil"`
	`33`	`+ "code.gitea.io/gitea/modules/util"`
`33`	`34`	`webhook_module "code.gitea.io/gitea/modules/webhook"`
`34`	`35`	`)`
`35`	`36`
`@@ -264,7 +265,7 @@ func Deliver(ctx context.Context, t *webhook_model.HookTask) error {`
`264`	`265`	`t.ResponseInfo.Headers[k] = strings.Join(vals, ",")`
`265`	`266`	`}`
`266`	`267`
`267`		`- p, err := io.ReadAll(resp.Body)`
	`268`	`+ p, err := util.ReadWithLimit(resp.Body, 1024*1024)`
`268`	`269`	`if err != nil {`
`269`	`270`	`t.ResponseInfo.Body = fmt.Sprintf("read body: %s", err)`
`270`	`271`	`return fmt.Errorf("unable to deliver webhook task[%d] in %s as unable to read response body: %w", t.ID, w.URL, err)`