Skip to content

Avoid Vec::with_capacity(huge) on empty Routes#4556

Merged
tnull merged 1 commit intolightningdevkit:mainfrom
TheBlueMatt:2026-04-over-alloc-empty-route
Apr 13, 2026
Merged

Avoid Vec::with_capacity(huge) on empty Routes#4556
tnull merged 1 commit intolightningdevkit:mainfrom
TheBlueMatt:2026-04-over-alloc-empty-route

Conversation

@TheBlueMatt
Copy link
Copy Markdown
Collaborator

@TheBlueMatt TheBlueMatt commented Apr 13, 2026

In generally we consider empty Routes bogus garbage and don't always handle them super carefully, but ideally we shouldn't allocate a huge buffer just because someone passes a bogus Route to an onion-building utility method.

Reported by Jordan Mecom of Block's Security Team

Test by Claude Opus 4.6

@TheBlueMatt
Avoid Vec::with_capacity(huge) on empty Routes
4c398bb 
In generally we consider empty `Route`s bogus garbage and don't
always handle them super carefully, but ideally we shouldn't
allocate a huge buffer just because someone passes a bogus `Route`
to an onion-building utility method.

Reported by Jordan Mecom of Block's Security Team

Test by Claude Opus 4.6
@ldk-reviews-bot
Copy link
Copy Markdown

ldk-reviews-bot commented Apr 13, 2026
edited
Loading

I've assigned @wpaulino as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@ldk-claude-review-bot
Copy link
Copy Markdown
Collaborator

ldk-claude-review-bot commented Apr 13, 2026

I've reviewed the entire diff thoroughly. The fix is correct and well-placed. The payloads.len() - 1 on line 842 (usize arithmetic) would wrap to usize::MAX when payloads is empty, causing Vec::with_capacity(65 * usize::MAX) — a massive allocation attempt. The guard at the centralized construct_onion_packet_with_init_noise function covers all callers (construct_onion_packet, construct_trampoline_onion_packet, construct_onion_message_packet, and the test-only variant).

No issues found.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 13, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 92.30769% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.99%. Comparing base (2ebc372) to head (4c398bb).
⚠️ Report is 11 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/ln/onion_utils.rs 92.30% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4556      +/-   ##
==========================================
- Coverage   87.01%   86.99%   -0.03%     
==========================================
  Files         163      163              
  Lines      108682   108706      +24     
  Branches   108682   108706      +24     
==========================================
- Hits        94572    94571       -1     
- Misses      11631    11655      +24     
- Partials     2479     2480       +1
Flag Coverage Δ
fuzzing 40.27% <40.00%> (+0.03%) ⬆️
tests 86.08% <92.30%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@tnull tnull merged commit 4862ae1 into lightningdevkit:main Apr 13, 2026
23 of 25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnull tnull tnull approved these changes

@wpaulino wpaulino Awaiting requested review from wpaulino

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TheBlueMatt @ldk-reviews-bot @ldk-claude-review-bot @tnull