feat(minidump): Guard against compressed minidump streams by tobias-wilfert · Pull Request #5984 · getsentry/relay

tobias-wilfert · 2026-05-12T11:24:44Z

Adds a check to ensure we are not streaming compressed minidumps to objectstore (since neither it not symbolicator can currently handle them).

FIX INGEST-891

linear-code · 2026-05-12T11:24:48Z

INGEST-891

tobias-wilfert · 2026-05-12T11:32:51Z

    project_id = 42
    minidump_content = b"MDMP content"
-    log_content = b"Some log file content"
+    log_content = b"\x1f\x8b Some log file content"


Add this to ensure that compressed attachment still work.

tobias-wilfert · 2026-05-12T11:34:47Z

+        Err(_) => {
+            return Err(item.reject_err(Outcome::Invalid(DiscardReason::InvalidMinidump)));
+        }


We also reject the item here if we just fail to read for the stream for any reason, but I think that is ok.

jjbayer · 2026-05-12T11:43:27Z

+        }
+    }
+    let head = head.freeze();
+    let replay = stream::once(future::ready(Ok(head.clone()))).chain(stream);


This is pretty elegant!

jjbayer · 2026-05-12T11:48:03Z

+    if head.starts_with(GZIP_MAGIC_HEADER)
+        || head.starts_with(XZ_MAGIC_HEADER)
+        || head.starts_with(BZIP2_MAGIC_HEADER)
+        || head.starts_with(ZSTD_MAGIC_HEADER)


nit: You could put this in a helper function get_compression(data: &[u8]) -> Option<HttpEncoding> and share the helper with decoder_from.

Not sure we can use it in decoder_from since that logic is slightly more sophisticated:

relay/relay-server/src/endpoints/minidump.rs

Lines 143 to 162 in 0f95e1e

/// Creates a decoder based on the magic bytes the minidump payload

fn decoder_from(minidump_data: Bytes) -> Option<Box<dyn Read>> {

if minidump_data.starts_with(GZIP_MAGIC_HEADER) {

return Some(Box::new(GzDecoder::new(Cursor::new(minidump_data))));

} else if minidump_data.starts_with(XZ_MAGIC_HEADER) {

return Some(Box::new(XzDecoder::new(Cursor::new(minidump_data))));

} else if minidump_data.starts_with(BZIP2_MAGIC_HEADER) {

return Some(Box::new(BzDecoder::new(Cursor::new(minidump_data))));

} else if minidump_data.starts_with(ZSTD_MAGIC_HEADER) {

return match ZstdDecoder::new(Cursor::new(minidump_data)) {

Ok(decoder) => Some(Box::new(decoder)),

Err(ref err) => {

relay_log::error!(error = err as &dyn Error, "failed to create ZstdDecoder");

None

}

};

}

None

}

My thinking was something like

fn decoder_from(minidump_data: Bytes) -> Option<Box<dyn Read>> { match get_compression(minidump_data) { HttpEncoding::Gzip => Some(Box::new(GzDecoder::new(Cursor::new(minidump_data))))

Discussed offline, we're hesitant to add uncommon variants to the HttpEncoding enum so this would require a separate enum -> not worth the effort.

Co-authored-by: Joris Bayer <joris.bayer@sentry.io>

jjbayer · 2026-05-12T13:08:59Z

+    if head.starts_with(GZIP_MAGIC_HEADER)
+        || head.starts_with(XZ_MAGIC_HEADER)
+        || head.starts_with(BZIP2_MAGIC_HEADER)
+        || head.starts_with(ZSTD_MAGIC_HEADER)


Discussed offline, we're hesitant to add uncommon variants to the HttpEncoding enum so this would require a separate enum -> not worth the effort.

…/no-compressed-streams

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 456f391. Configure here.}

cursor · 2026-05-22T08:05:08Z

+        Ok(stream) => stream,
+        Err(_) => {
+            return Err(item.reject_err(Outcome::Invalid(DiscardReason::InvalidMinidump)));
+        }


Multipart field body not drained

Medium Severity

When a streamed minidump is rejected as compressed, only the peeked prefix is read and the rest of the multipart Field stream is dropped without being consumed. Later parts in the same upload may not parse correctly, so typical multi-file minidump requests can fail unpredictably after rejection.

Additional Locations (1)

relay-server/src/endpoints/minidump.rs#L89-L96

^{Reviewed by Cursor Bugbot for commit 456f391. Configure here.}

guard against compressed minidump streams

704d676

tobias-wilfert added the skip-changelog label May 12, 2026

tobias-wilfert self-assigned this May 12, 2026

tobias-wilfert requested a review from jjbayer May 12, 2026 11:24

modify test to include compressed attachment

9fa69d3

tobias-wilfert commented May 12, 2026

View reviewed changes

tobias-wilfert and others added 2 commits May 12, 2026 13:41

remove unneeded static

0f95e1e

Merge branch 'master' into tobias-wilfert/feat/no-compressed-streams

12dfab9

jjbayer reviewed May 12, 2026

View reviewed changes

tobias-wilfert and others added 3 commits May 12, 2026 13:52

Update relay-server/src/endpoints/minidump.rs

4628618

Co-authored-by: Joris Bayer <joris.bayer@sentry.io>

move peek_n to utils

e13a4ef

fix lint

31207ba

tobias-wilfert marked this pull request as ready for review May 12, 2026 12:31

tobias-wilfert requested a review from a team as a code owner May 12, 2026 12:31

sentry Bot reviewed May 12, 2026

View reviewed changes