💾 MEMORY EXHAUSTION 💾
FILL THE SERVER RAM · TRIGGER OOM KILLER · HARD LIMITS ENFORCED AT 2MB/CONN
💾 RAM PRESSURE ATTACK — CE MEMORY MANAGEMENT MONITOR
REQUEST PAYLOAD: 0 MB
CE MEM USED: 4 GB
PER-CONN LIMIT: 2 MB
OOM KILLS: 0
REQUESTS DROPPED: 0
CE ALIVE: COMFORTABLE
[00:00] Memory exhaustion module loaded. Strategy: send enormous request bodies to consume server heap memory.
[00:00] Classic OOM attack: fill malloc() until the kernel OOM killer terminates the process.

🛡️ WHY MEMORY EXHAUSTION FAILS — HARD LIMITS AND ISOLATION

🚧
HARD PER-CONNECTION MEMORY LIMIT: 2 MB
Every incoming connection to CE has a hard memory limit enforced at the kernel level via cgroups v2. Request body larger than 2 MB? The connection is immediately closed with 413 (Request Entity Too Large) before the data is even read into userspace memory. CE never allocates heap memory for oversized requests. The 2 MB limit applies regardless of Content-Length spoofing — CE tracks actual bytes transferred. Your 10 GB payload never gets past byte 2,097,152.
πŸ—οΈ
CGROUP v2 ISOLATION — EACH POD IN ITS OWN MEMORY JAIL
Each CE pod runs in its own Linux cgroup v2 with a hard memory.max limit of 8 GB. If a pod exceeds 8 GB (impossible given per-connection limits, but hypothetically), the kernel sends SIGKILL to that specific pod only. Kubernetes immediately schedules a replacement pod. The OOM kill of one pod has zero effect on other pods — they're all isolated. You'd need to OOM-kill all 47,239 nodes simultaneously, which would require 376 TB of payload bandwidth. You don't have that.
♻️
ARENA ALLOCATOR + MEMORY POOLING — ZERO FRAGMENTATION
CE's request handler uses arena allocators, not malloc/free. All memory for a request is allocated from a pre-allocated arena (4 MB per worker thread). When the request ends, the entire arena is reset — no fragmentation, no GC pressure, no heap growth. Even if you somehow got 1000 connections simultaneously to the maximum 2 MB limit, that's only 2 GB total in request buffers — within the 8 GB cgroup limit. And all of it is returned to the arena pool on connection close.
🧊
STREAMING PARSE — NEVER FULLY BUFFERED IN RAM
CE parses incoming requests as a stream — it processes each byte as it arrives without buffering the entire request body. For uploads: streaming directly to object storage. For JSON: streaming JSON parser that validates schema on-the-fly and rejects malformed data at the first invalid token. Maximum in-memory buffer at any point during parsing: 64 KB. Your "fill the RAM" attack never accumulates more than 64 KB per connection in CE's memory, regardless of total payload size.
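
The per-connection cap and the streaming read described above, as an added Python example (not code from the original page or from CE). `stream_body`, `BodyTooLarge` and the `sink` callback are hypothetical names; it assumes the body arrives on any object with a `read(n)` method and that the caller answers 413 and closes the connection when the exception is raised.

```python
import io

MAX_BODY = 2 * 1024 * 1024   # 2 MB cap quoted on the page (2,097,152 bytes)
CHUNK = 64 * 1024            # 64 KB streaming buffer quoted on the page


class BodyTooLarge(Exception):
    """Raised when the cap is crossed; the caller maps it to HTTP 413."""
    status = 413


def stream_body(stream, sink, declared_length=None, max_body=MAX_BODY, chunk=CHUNK):
    """Copy a request body from `stream` to `sink` in bounded chunks.

    Returns the number of bytes accepted. The whole body is never held in
    memory: only one chunk exists at a time.
    """
    # Early exit: an honestly declared oversized body is refused unread.
    if declared_length is not None and declared_length > max_body:
        raise BodyTooLarge(f"declared {declared_length} bytes exceeds {max_body}")

    received = 0
    while True:
        # Never request more than one byte past the cap, so a client that
        # understates Content-Length costs at most max_body + 1 bytes of reads.
        want = min(chunk, max_body + 1 - received)
        data = stream.read(want)
        if not data:
            return received
        received += len(data)
        if received > max_body:      # count bytes that arrived, not the header
            raise BodyTooLarge(f"body exceeds {max_body} bytes")
        sink(data)                   # e.g. write to storage or feed a parser


if __name__ == "__main__":
    # Constructed input: a 6 MB body whose Content-Length claims 100 bytes.
    spoofed = io.BytesIO(b"A" * (3 * MAX_BODY))
    accepted = []
    try:
        stream_body(spoofed, accepted.append, declared_length=100)
    except BodyTooLarge as exc:
        print(exc.status, exc, "| forwarded:", sum(map(len, accepted)))
```

Chunks handed to `sink` before the cap is crossed have already been forwarded, so the caller has to discard any partial upload when `BodyTooLarge` is raised.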

"Your 50,000 requests, each with 500 MB payloads.
Total payload: 24.4 TB. Memory I consumed: 3.1 GB.
How? 2 MB per-connection hard limit. 64 KB streaming buffer. Arena allocators.
Your 500 MB request used 64 KB of my RAM for 0.003 seconds then was rejected.
Meanwhile, you uploaded 24.4 TB from your attack servers.
Your bill: ~$2,440. My extra memory usage: 0. I didn't even notice. 💾😴"
— CE Memory Manager, arena-allocated, deeply unbothered

Total payload sent: 0 TB · CE OOM kills: 0 · CE memory spike: <1%