Highlights
Denial of Service: 8 prior fixes. Scrutinize any change in this area.
compiler/generator/emit_unmarshal.go: most-fixed (5 issues). Treat as high-risk during review.
5 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Denial of Service: Unbounded recursion depth during nested protobuf payload unmarshalling allows attackers to cause stack exhaustion and crash the application. The generator failed to propagate and validate recursion depth constraints across Go package boundaries.
Denial of Service: Attackers can trigger Out-of-Memory (OOM) crashes by supplying crafted payloads with large length fields that force exact-fit or disproportionate slice capacity pre-allocations via 'make'.
Denial of Service: On 32-bit platforms, large uint64 length properties in protobuf messages can bypass length bounds checking due to integer truncation when cast to int, resulting in a denial of service.