From de81e023ca95dad2c242a250f34fe443b5273c6e Mon Sep 17 00:00:00 2001
From: Tristan Swadell <tswadell@google.com>
Date: Thu, 5 Jan 2023 10:36:41 -0800
Subject: [PATCH] Thread-safety fix for unprotected mutation of decorator set.
 (#622)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 cel/program.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cel/program.go b/cel/program.go
index 8fbd350a..6206a2af 100644
--- a/cel/program.go
+++ b/cel/program.go
@@ -201,7 +201,10 @@ func newProgram(e *Env, ast *Ast, opts []ProgramOption) (Program, error) {
 		factory := func(state interpreter.EvalState, costTracker *interpreter.CostTracker) (Program, error) {
 			costTracker.Estimator = p.callCostEstimator
 			costTracker.Limit = p.costLimit
-			decs := decorators
+			// Limit capacity to guarantee a reallocation when calling 'append(decs, ...)' below. This
+			// prevents the underlying memory from being shared between factory function calls causing
+			// undesired mutations.
+			decs := decorators[:len(decorators):len(decorators)]
 			var observers []interpreter.EvalObserver
 
 			if p.evalOpts&(OptExhaustiveEval|OptTrackState) != 0 {