From 3eb73c58bd9e290ef10df98334e761ab01869a36 Mon Sep 17 00:00:00 2001 From: Craig Disselkoen Date: Fri, 7 Feb 2025 15:32:30 -0500 Subject: [PATCH] clarify docs and changelog for 1446 (#1457) Signed-off-by: Craig Disselkoen --- cedar-policy/CHANGELOG.md | 6 +++++- cedar-policy/src/api.rs | 9 ++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/cedar-policy/CHANGELOG.md b/cedar-policy/CHANGELOG.md index 06a2e48c7..c27fdeb26 100644 --- a/cedar-policy/CHANGELOG.md +++ b/cedar-policy/CHANGELOG.md @@ -19,7 +19,11 @@ Cedar Language Version: TBD ### Fixed -- Assume sufficient stack space when it cannot be determined (#1446, resolving #1443) +- Assume sufficient stack space when it cannot be determined (#1446, resolving #1443). + Note that on platforms not supported by `stacker` (e.g., Wasm, Android), this means + that large inputs may result in stack overflows and crashing the process. + On all platforms supported by `stacker` (Linux, macOS, ...), Cedar will + continue to return the graceful error `RecursionLimit` instead of crashing. ## [4.3.1] - Coming soon Cedar Language Version: 4.2 diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs index 4d7fcdaf1..503e2d13c 100644 --- a/cedar-policy/src/api.rs +++ b/cedar-policy/src/api.rs @@ -872,9 +872,12 @@ impl Authorizer { /// /// The authorizer uses the `stacker` crate to manage stack size and tries to use a sane default. /// If the default is not right for you, you can try wrapping the authorizer or individual calls - /// to `is_authorized` in `stacker::grow`. Note that `stacker` does not provide support in some - /// platforms like `wasm32`. In such cases, the authorizer will assume that the stack size is - /// sufficient. + /// to `is_authorized` in `stacker::grow`. + /// Note that on platforms not supported by `stacker` (e.g., Wasm, Android), + /// the authorizer will simply assume that the stack size is sufficient. As a result, large inputs + /// may result in stack overflows and crashing the process. + /// But on all platforms supported by `stacker` (Linux, macOS, ...), Cedar will return the + /// graceful error `RecursionLimit` instead of crashing. /// ``` /// # use cedar_policy::{Authorizer, Context, Entities, EntityId, EntityTypeName, /// # EntityUid, Request,PolicySet};