Skip to content

Upping the stack size to 64*1000*1000 to avoid stack overflow with recursive SDS regexes#836

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 7 commits intomainfrom
james.lewis/stack-overflow-with-secrets-scans
Mar 6, 2026
Merged

Upping the stack size to 64*1000*1000 to avoid stack overflow with recursive SDS regexes#836
gh-worker-dd-mergequeue-cf854d[bot] merged 7 commits intomainfrom
james.lewis/stack-overflow-with-secrets-scans

Conversation

@jamesphlewis
Copy link
Copy Markdown
Collaborator

@jamesphlewis jamesphlewis commented Mar 3, 2026

What problem are you trying to solve?

Some secrets scans fail with a stack overflow due to the recursive nature of the SDS scans.

What is your solution?

Increase the stack size to allow for more recursion.

Alternatives considered

What the reviewer should know

@jamesphlewis jamesphlewis requested a review from a team as a code owner March 3, 2026 16:17
@datadog-official

This comment has been minimized.

Sign in to view
jasonforal
jasonforal previously approved these changes Mar 3, 2026
View reviewed changes
Comment thread crates/bins/src/bin/datadog-static-analyzer-server.rs Outdated
// Stack size is set explicitly to 64MB for the dd-sds scanner's regex matching depth.
let rayon_pool = rayon::ThreadPoolBuilder::new()
.num_threads(0)
.stack_size(64 * 1024 * 1024)
Copy link
Copy Markdown
Collaborator

@jasonforal jasonforal Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please revert this, since it's used by the IDE (so runs in the background on user machines). We currently don't support Secrets scanning in the IDE (@alonam is currently working on this so will need to come up with a solution for this

Copy link
Copy Markdown
Collaborator Author

@jamesphlewis jamesphlewis Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Comment thread crates/bins/src/bin/datadog-static-analyzer.rs Outdated
// Stack size is set explicitly to 64MB for the dd-sds scanner's regex matching depth.
rayon::ThreadPoolBuilder::new()
.num_threads(configuration.get_num_threads())
.stack_size(64 * 1024 * 1024)
Copy link
Copy Markdown
Collaborator

@jasonforal jasonforal Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we check whether secrets is enabled or not and only bump the stack size if it is?

Copy link
Copy Markdown
Collaborator Author

@jamesphlewis jamesphlewis Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@jamesphlewis
Copy link
Copy Markdown
Collaborator Author

jamesphlewis commented Mar 6, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Mar 6, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-06 13:04:17 UTC ℹ️ Start processing command /merge

2026-03-06 13:04:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 20m (p90).

2026-03-06 13:25:19 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 9851ee8 into main Mar 6, 2026
87 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the james.lewis/stack-overflow-with-secrets-scans branch March 6, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonforal jasonforal jasonforal approved these changes

Assignees

No one assigned

Labels

mergequeue-status: done

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamesphlewis @jasonforal