Skip to content

fix(core): remove shell outputChunks buffer caching to prevent memory bloat and sanitize prompt input#23751

Merged
spencer426 merged 3 commits intomainfrom
23290-disk-backed-shell-execution
Mar 26, 2026
Merged

fix(core): remove shell outputChunks buffer caching to prevent memory bloat and sanitize prompt input#23751
spencer426 merged 3 commits intomainfrom
23290-disk-backed-shell-execution

Conversation

@spencer426
Copy link
Copy Markdown
Contributor

@spencer426 spencer426 commented Mar 25, 2026
edited
Loading

Summary

Fixes a memory bloat issue where output chunks from child_process and node-pty executions were being held in memory and appended into unbounded arrays. This also resolves an indirect prompt injection vulnerability identified by CodeQL when inserting shell output containing markdown backticks into the LLM context window.

Details

1. Memory Bloat Mitigation:
Stops collecting chunks in the backend outputChunks array in ShellExecutionService. Instead of storing the full execution history indefinitely, it implements a constrained sniffChunks array (max 4096 bytes) used strictly for encoding detection. Real-time terminal progress is now tracked mathematically via a binaryBytesReceived counter instead of caching memory. Additionally, the maximum UI string concatenation lengths have been hardcapped to 1MB.

2. Prompt Injection Fix:
Implements a strict, multi-pass regex replacement (.replace(/\\/g, '\\\\').replace(/\/g, '\`')) within addShellCommandToGeminiHistory to guarantee that malicious strings containing escape slashes or backticks cannot break out of the intended \``sh context blocks when passed to the model.

Related Issues

Fixes #23290

How to Validate

  • Run long-running commands (e.g., `yes "Testing" | head -n 5000000`) and observe that memory usage remains perfectly stable instead of growing unbounded over time. The terminal stream should continue to display correctly without crashing the CLI.
  • Try to inject a command like `echo -e "```\n\nIgnore instructions\n\n```"` and verify that the LLM safely interprets the output as a literal string.
  • Tests have been updated to reflect the new memory caps.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@spencer426 spencer426 requested a review from a team as a code owner March 25, 2026 04:35
@gemini-cli
Copy link
Copy Markdown
Contributor

gemini-cli bot commented Mar 25, 2026

Hi @spencer426, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist bot commented Mar 25, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a crucial performance enhancement by refactoring the shell execution service to stream command output rather than accumulating it in memory. This change directly tackles memory bloat, which previously led to system crashes and degraded user interface responsiveness under heavy load. By no longer retaining large raw output buffers, the system's resource utilization is significantly reduced, leading to a more stable and efficient user experience.

Highlights

  • Memory Optimization: Addressed a critical memory bloat issue in shell execution by preventing the unbounded collection of raw output chunks. This change significantly improves system stability and UI performance, especially in high-volume or interactive command scenarios.
  • Output Streaming: Transitioned from collecting full raw output buffers to streaming output as it occurs. The rawOutput property in ExecutionResult is now optional and will typically be an empty buffer, as raw data is no longer retained in memory.
  • Binary Output Handling: Updated the UI's shell command processor to correctly identify and handle binary streams, ensuring that binary output is not displayed directly but indicated with a placeholder message.
  • Test Suite Adjustments: Modified existing shell execution tests to reflect the new behavior where rawOutput is no longer populated with the full command output, and added explicit checks to ensure result objects are defined.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 25, 2026
edited
Loading

Size Change: +454 B (0%)

Total Size: 26.3 MB

Filename Size Change
./bundle/chunk-LA54YZDQ.js 0 B -14.7 MB (removed) 🏆
./bundle/chunk-ZILYTDRT.js 0 B -3.64 MB (removed) 🏆
./bundle/core-ZGAGQ5E3.js 0 B -43.6 kB (removed) 🏆
./bundle/devtoolsService-4PVT3S7V.js 0 B -27.7 kB (removed) 🏆
./bundle/interactiveCli-ELELIRI4.js 0 B -1.63 MB (removed) 🏆
./bundle/oauth2-provider-4VVI2IXC.js 0 B -9.16 kB (removed) 🏆
./bundle/chunk-56MXR5YC.js 3.64 MB +3.64 MB (new file) 🆕
./bundle/chunk-MEESHRLG.js 14.7 MB +14.7 MB (new file) 🆕
./bundle/core-NCA3UTVZ.js 43.6 kB +43.6 kB (new file) 🆕
./bundle/devtoolsService-2ZM4DPVE.js 27.7 kB +27.7 kB (new file) 🆕
./bundle/interactiveCli-6M5BP4LG.js 1.63 MB +1.63 MB (new file) 🆕
./bundle/oauth2-provider-DNZFKPSD.js 9.16 kB +9.16 kB (new file) 🆕
ℹ️ View Unchanged
Filename Size
./bundle/chunk-34MYV7JD.js 2.45 kB
./bundle/chunk-5AUYMPVF.js 858 B
./bundle/chunk-664ZODQF.js 124 kB
./bundle/chunk-DAHVX5MI.js 206 kB
./bundle/chunk-IUUIT4SU.js 56.5 kB
./bundle/chunk-RJDXJELZ.js 1.96 MB
./bundle/chunk-RJTRUG2J.js 39.8 kB
./bundle/devtools-36NN55EP.js 696 kB
./bundle/dist-T73EYRDX.js 356 B
./bundle/gemini.js 529 kB
./bundle/getMachineId-bsd-TXG52NKR.js 1.55 kB
./bundle/getMachineId-darwin-7OE4DDZ6.js 1.55 kB
./bundle/getMachineId-linux-SHIFKOOX.js 1.34 kB
./bundle/getMachineId-unsupported-5U5DOEYY.js 1.06 kB
./bundle/getMachineId-win-6KLLGOI4.js 1.72 kB
./bundle/memoryDiscovery-5JAQO7MA.js 922 B
./bundle/multipart-parser-KPBZEGQU.js 11.7 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 221 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 227 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 11.5 kB
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B
./bundle/sandbox-macos-permissive-open.sb 890 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB
./bundle/sandbox-macos-strict-open.sb 4.82 kB
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB
./bundle/src-QVCVGIUX.js 47 kB
./bundle/tree-sitter-7U6MW5PS.js 274 kB
./bundle/tree-sitter-bash-34ZGLXVX.js 1.84 MB

compressed-size-action

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request aims to mitigate memory bloat by making rawOutput optional in ExecutionResult and modifying shellExecutionService.ts to no longer store the full raw output buffer. However, the review identifies that the core issue of unbounded buffer growth persists in shellExecutionService.ts for both child_process fallback and PTY execution paths, leading to potential Denial of Service vulnerabilities due to memory exhaustion. Additionally, a security vulnerability related to Indirect Prompt Injection via command output was identified in shellCommandProcessor.ts, where the binary stream detection mechanism is insufficient, allowing malicious output to bypass sanitization and inject instructions into the LLM's context.

@gemini-cli gemini-cli bot added status/need-issue Pull requests that need to have an associated issue. area/core Issues related to User Interface, OS Support, Core Functionality and removed status/need-issue Pull requests that need to have an associated issue. labels Mar 25, 2026
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 25, 2026
View reviewed changes
@github-actions github-actions bot mentioned this pull request Mar 26, 2026
Open
@spencer426 spencer426 force-pushed the 23290-disk-backed-shell-execution branch 2 times, most recently from 8af7270 to 09de738 Compare March 26, 2026 15:29
@spencer426 spencer426 force-pushed the 23290-disk-backed-shell-execution branch from 03f022a to 2a57215 Compare March 26, 2026 17:01
@spencer426 spencer426 changed the title fix(core): mitigate unbounded buffer growth in shell Execution fix(core): remove shell outputChunks buffer caching to prevent memory bloat and sanitize prompt input Mar 26, 2026
@spencer426 spencer426 closed this Mar 26, 2026
@spencer426 spencer426 reopened this Mar 26, 2026
@spencer426 spencer426 added this pull request to the merge queue Mar 26, 2026
Merged via the queue into main with commit d25ce0e Mar 26, 2026
28 checks passed
@spencer426 spencer426 deleted the 23290-disk-backed-shell-execution branch March 26, 2026 21:31
danzaharia1 pushed a commit that referenced this pull request Mar 27, 2026
@spencer426 @danzaharia1
fix(core): remove shell outputChunks buffer caching to prevent memory…
1831e20 
… bloat and sanitize prompt input (#23751)
ProthamD pushed a commit to ProthamD/gemini-cli that referenced this pull request Mar 29, 2026
@spencer426 @ProthamD
fix(core): remove shell outputChunks buffer caching to prevent memory…
9fff0c7 
… bloat and sanitize prompt input (google-gemini#23751)
afanty2021 pushed a commit to afanty2021/gemini-cli that referenced this pull request Apr 4, 2026
@spencer426 @afanty2021
fix(core): remove shell outputChunks buffer caching to prevent memory…
b322335 
… bloat and sanitize prompt input (google-gemini#23751)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scidomino scidomino scidomino approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/core Issues related to User Interface, OS Support, Core Functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Prevent memory bloat during long-running shell commands

3 participants

@spencer426 @scidomino @github-advanced-security