This PoC demonstrates that compressed input can decompress above the chunk limit, showing the risk of decompressing before strict size enforcement.

    npm install
    npx ts-node .\glitchtip-gzip-decompression-poc.ts --chunk-limit-bytes 33554432 --extra-bytes 1024

- Run the PoC with a chosen chunk limit.
- The script builds a payload that expands just above that limit.
- It prints compressed and decompressed sizes.
The script shows:
- compressed size is small
- decompressed size exceeds the configured chunk limit
This reproduces the memory-allocation-before-rejection pattern.
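
The memory-allocation-before-rejection pattern next to a bounded alternative, as an added example (not part of the PoC script or of GlitchTip's code). The function names are hypothetical, the sample body is constructed inline, and the fix shown assumes Node's `zlib` with its `maxOutputLength` option.

```typescript
import * as zlib from "node:zlib";

// Constructed sample: a highly compressible body that inflates to
// `limit + extra` bytes (mirrors --chunk-limit-bytes / --extra-bytes).
function sampleBody(limit: number, extra: number): Buffer {
  return zlib.gzipSync(Buffer.alloc(limit + extra));
}

// Pattern the PoC reproduces: inflate everything, then compare to the limit.
// By the time the check runs, the full decompressed buffer is already in memory.
function decompressThenCheck(body: Buffer, limit: number) {
  const out = zlib.gunzipSync(body);
  return { accepted: out.length <= limit, allocated: out.length };
}

// Bounded variant: zlib aborts as soon as the output would pass `limit`,
// so the oversized buffer is never assembled.
function decompressBounded(body: Buffer, limit: number) {
  try {
    const out = zlib.gunzipSync(body, { maxOutputLength: limit });
    return { accepted: true, size: out.length };
  } catch (err) {
    if ((err as { code?: string }).code === "ERR_BUFFER_TOO_LARGE") {
      return { accepted: false, size: 0 };
    }
    throw err; // corrupt input and other errors are not size rejections
  }
}

// Demo with a 1 MiB limit (hypothetical value, kept small so it runs quickly).
const DEMO_LIMIT = 1024 * 1024;
const demoBody = sampleBody(DEMO_LIMIT, 1024);
console.log("compressed bytes:", demoBody.length);
console.log("check after inflate:", decompressThenCheck(demoBody, DEMO_LIMIT));
console.log("bounded inflate:", decompressBounded(demoBody, DEMO_LIMIT));
```

Both functions reject the body, but only the first one allocates the full decompressed size before doing so.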