    [FAB-3450] Prevent panic on msg signing · d7233d59
    YACOVM authored
    
    
    Currently, the gossip code panics if it's unable to sign a message
    or to marshal it to bytes, because the assumption was
    that if the signing failed then something is terribly wrong with the
    peer and it's not recoverable.
    If turning a message into bytes fails, it's because of something
    not recoverable too.
    
    However, a user posted a stack trace in which gossip tried constructing
    a message whose envelope has a payload of 2GB.
    
    Now, the cause for the creation of such a message was fixed, but in theory
    we may somehow have a situation where a large message is constructed.
    
    In order to prevent these kinds of problems, and the crash of the peer,
    we need to make the Signer return an error instead of panicking.
    
    Change-Id: Ife8f4e137c92c167dadc7bbe1bcdf45f93b2b38e
    Signed-off-by: Yacov Manevich <yacovm@il.ibm.com>
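The behaviour the commit message describes, as an added example that is not code from this commit or from Fabric's gossip package: a signer whose Sign returns an error instead of panicking, an envelope builder that propagates marshaling and signing failures to the caller, and the pre-fix "panic on any failure" shape kept for contrast. It goes one step beyond the message by also rejecting a payload over a caller-supplied size limit before signing it, which the commit does not claim to do. All names here (Signer, ECDSASigner, SignedEnvelope, BuildEnvelope, BuildEnvelopeOrPanic, maxBytes) are assumptions for illustration, not Fabric's API; JSON and ECDSA P-256 stand in for whatever serialization and signing scheme the real peer uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Signer signs an already-serialized message. Sign reports failure as an
// error, never as a panic. (Illustrative interface, not Fabric's.)
type Signer interface {
	Sign(msg []byte) ([]byte, error)
}

// ECDSASigner signs SHA-256 digests with a P-256 key.
type ECDSASigner struct {
	key *ecdsa.PrivateKey
}

// NewECDSASigner wraps a key. A nil key is accepted here and surfaces as an
// error from Sign rather than as a nil-pointer panic deep inside crypto/ecdsa.
func NewECDSASigner(key *ecdsa.PrivateKey) *ECDSASigner {
	return &ECDSASigner{key: key}
}

func (s *ECDSASigner) Sign(msg []byte) ([]byte, error) {
	if s.key == nil {
		return nil, errors.New("signer has no private key")
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.key, digest[:])
}

// PublicKey returns the verification key, or nil if the signer has none.
func (s *ECDSASigner) PublicKey() *ecdsa.PublicKey {
	if s.key == nil {
		return nil
	}
	return &s.key.PublicKey
}

// GenerateSigner creates a fresh P-256 signer (demo helper, not part of any
// real peer configuration).
func GenerateSigner() (*ECDSASigner, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return NewECDSASigner(key), nil
}

// SignedEnvelope carries the serialized payload and the signature over it.
type SignedEnvelope struct {
	Payload   []byte
	Signature []byte
}

// BuildEnvelope serializes payload, refuses it if it exceeds maxBytes, and
// signs it. Every failure path returns an error to the caller; none of them
// can take the process down. The size guard is an addition of this example.
func BuildEnvelope(signer Signer, payload interface{}, maxBytes int) (*SignedEnvelope, error) {
	raw, err := json.Marshal(payload)
	if err != nil {
		return nil, fmt.Errorf("marshaling payload: %w", err)
	}
	if len(raw) > maxBytes {
		return nil, fmt.Errorf("payload is %d bytes, limit is %d", len(raw), maxBytes)
	}
	sig, err := signer.Sign(raw)
	if err != nil {
		return nil, fmt.Errorf("signing payload: %w", err)
	}
	return &SignedEnvelope{Payload: raw, Signature: sig}, nil
}

// Verify checks the envelope's signature against pub; nil inputs are false.
func (e *SignedEnvelope) Verify(pub *ecdsa.PublicKey) bool {
	if e == nil || pub == nil {
		return false
	}
	digest := sha256.Sum256(e.Payload)
	return ecdsa.VerifyASN1(pub, digest[:], e.Signature)
}

// BuildEnvelopeOrPanic is the pre-fix shape the commit removes: any marshaling
// or signing failure crashes the caller. Kept only for contrast.
func BuildEnvelopeOrPanic(signer Signer, payload interface{}, maxBytes int) *SignedEnvelope {
	env, err := BuildEnvelope(signer, payload, maxBytes)
	if err != nil {
		panic(err)
	}
	return env
}

func main() {
	signer, err := GenerateSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample message; "peer0" is a placeholder, not a real peer.
	env, err := BuildEnvelope(signer, map[string]string{"from": "peer0", "body": "hello"}, 1<<20)
	fmt.Println("ok:", err == nil, "verifies:", env.Verify(signer.PublicKey()))
	// Oversized and unencodable payloads are reported, not fatal.
	_, err = BuildEnvelope(signer, make([]byte, 2<<20), 1<<20)
	fmt.Println("oversized:", err)
	_, err = BuildEnvelope(signer, make(chan int), 1<<20)
	fmt.Println("unencodable:", err)
}
```

Callers that previously relied on the panicking form now have to decide what to do with the error; in a gossip loop the sensible choice is to log it and drop the one message rather than let it propagate, since the failure is local to that message and not to the peer.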