prometheus icon indicating copy to clipboard operation
prometheus copied to clipboard
verified publisher icon prometheus

Set and check (and document) a global label_value_length_limit

Open bboreham opened this issue 8 months ago • 9 comments

Proposal

Prometheus has label_name_length_limit and label_value_length_limit, currently defaulted to no limit.

After #16069, Prometheus will crash if you give it a name or value longer than 16MB, so we should at least have a default limit lower than that.

I think that a reasonable limit would be more like 200 bytes, but I am aware of people doing exciting things like storing a bitmap in a label. Maybe we could go with something like 1MB?

The code checking limits while scraping would need to check before constructing the Labels data structure, and we should check in other places such as the remote-write receiver, label_replace, label_join.

bboreham avatar Apr 30 '25 09:04 bboreham

we may also need to update the data model https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels

machine424 avatar Apr 30 '25 09:04 machine424

Hello from the bug scrub!

As we already have an implicit limit now, it sounds reasonable to document that and maybe make it configurable.

Implementing this in scrape should be quite easy.

beorn7 avatar Oct 07 '25 11:10 beorn7

Hi! I've submitted a PR to address this issue: #17309

Implementation Summary:

The fix adds label value length validation (16MB limit) to the remote write handler before ToLabels() deserialization to prevent the panic.

Key points:

  • ✅ Validates raw protobuf data before calling ToLabels()
    • V1: Checks ts.Labels directly
    • V2: Checks req.Symbols via LabelsRefs
  • ✅ Protocol-specific error handling:
    • V1: Logs warning and continues (best-effort, matches existing duplicate label behavior)
    • V2: Returns 400 Bad Request with detailed error message
  • ✅ Comprehensive tests covering both protocols (normal, at-limit, exceeds-limit)
  • ✅ All CI checks passing

Phase 2 plan:

  • Make the limit configurable via GlobalConfig.LabelValueLengthLimit
  • Unify with existing scrape configuration
  • Add validation to PromQL functions

Looking forward to feedback! 🙏

fancive avatar Oct 08 '25 12:10 fancive

Hi @beorn7 Could u please Assign this good first issue to me ?

Sumiitkumar avatar Nov 24 '25 18:11 Sumiitkumar

@Sumiitkumar as you can see, this issue is already assigned to @fancive and actively being worked on, see #17309.

beorn7 avatar Nov 25 '25 12:11 beorn7

Hi @beorn7 I’d like to volunteer to take on issue #16525 (Set and check a global label_value_length_limit).

I’ve reviewed the proposal description and I believe I can implement the necessary changes. I request that you assign this issue to me.

Outline of my proposed solution:

Introduce a global default limit (e.g. 1 MB, as suggested) for label name and label value length.

Add validation checks: - At scrape time, before constructing the internal Labels data structure. - In other codepaths: remote-write receiver, functions like label_replace, label_join, etc.

Update documentation to reflect the new default limits and configuration flags (label_name_length_limit, label_value_length_limit).

Add tests covering edge cases: e.g. behaviour when label length exceeds limit, error messages returned, remote-write inputs, label manipulation functions, etc.

If this is acceptable, please mark me as the assignee and I’ll prepare a PR. Thank you!

Kulraj69 avatar Dec 01 '25 22:12 Kulraj69

@Kulraj69 as you can see, this issue is already assigned to @fancive and actively being worked on, see #17309.

beorn7 avatar Dec 02 '25 09:12 beorn7

Got it,

Kulraj69 avatar Dec 02 '25 21:12 Kulraj69

"Hello, I'm new to Prometheus and I would like to try solving this good first issue. Can I take it up

adityatyagi821 avatar Dec 09 '25 08:12 adityatyagi821

@adityatyagi821 as you can see, this issue is already assigned to @fancive and actively being worked on, see #17309.

beorn7 avatar Dec 14 '25 16:12 beorn7

@beorn7 as he hasn't raised any Pull request till now could u please assign this to me as it's been many Days.

Sumiitkumar avatar Dec 14 '25 16:12 Sumiitkumar

Draft Reply:

Subject: Re: [Issue ]

​Dear Björn,

​Thank you for the clarification. I understand that this issue is currently assigned to @fancive and is being actively worked on.

​However, I am still very interested in contributing to this project. Please keep me in mind if this issue becomes available again in the future. Alternatively, if there are other open issues suitable for a new contributor, I would love to take them up.

​Best regards,

​Aditya

On Sun, 14 Dec 2025, 21:43 Sumit Kumar, @.***> wrote:

Sumiitkumar left a comment (prometheus/prometheus#16525) https://github.com/prometheus/prometheus/issues/16525#issuecomment-3651585675

@beorn7 https://github.com/beorn7 as he hasn't raised any Pull request till now could u please assign this to me as it's been many Days.

— Reply to this email directly, view it on GitHub https://github.com/prometheus/prometheus/issues/16525#issuecomment-3651585675, or unsubscribe https://github.com/notifications/unsubscribe-auth/BS3VFKJHHLYC2TV2G5KCUIL4BWED3AVCNFSM6AAAAAB4FDB7I6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMNJRGU4DKNRXGU . You are receiving this because you were mentioned.Message ID: @.***>

adityatyagi821 avatar Dec 15 '25 04:12 adityatyagi821