fix/unbounded download dos (#12445)

gr2m · claude · vercel[bot] · web-flow · commit 4024a3af6d41 · 2026-02-12T11:56:13.000-08:00
- Replace unbounded `arrayBuffer()`/`blob()` calls in `download()` and `downloadBlob()` with streaming reads that enforce a **2 GiB default size limit** - Add `abortSignal` passthrough from callers (`transcribe`, `generateVideo`) to `fetch()` - Check `Content-Length` header for early rejection before reading body - Track bytes incrementally via `ReadableStream.getReader()`, abort with `DownloadError` when limit exceeded - Expose configurable `download` parameter on `transcribe()` and `experimental_generateVideo()` (instead of adding a new `maxDownloadSize` argument) — keeps download config separate from API function signatures - Export `createDownload({ maxBytes })` factory from `ai` for custom size limits closes #9481 / addresses #9481 (comment) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com>
diff --git a/.changeset/fix-unbounded-download-dos.md b/.changeset/fix-unbounded-download-dos.md
@@ -0,0 +1,10 @@
+---
+'ai': patch
+'@ai-sdk/provider-utils': patch
+---
+
+security: prevent unbounded memory growth in download functions
+
+The `download()` and `downloadBlob()` functions now enforce a default 2 GiB size limit when downloading from user-provided URLs. Downloads that exceed this limit are aborted with a `DownloadError` instead of consuming unbounded memory and crashing the process. The `abortSignal` parameter is now passed through to `fetch()` in all download call sites.
+
+Added `download` option to `transcribe()` and `experimental_generateVideo()` for providing a custom download function. Use the new `createDownload({ maxBytes })` factory to configure download size limits.
diff --git a/content/docs/03-ai-sdk-core/36-transcription.mdx b/content/docs/03-ai-sdk-core/36-transcription.mdx
@@ -54,21 +54,75 @@ const transcript = await transcribe({
 });
 ```
 
+### Download Size Limits
+
+When `audio` is a URL, the SDK downloads the file with a default **2 GiB** size limit.
+You can customize this using `createDownload`:
+
+```ts highlight="1,8"
+import { experimental_transcribe as transcribe, createDownload } from 'ai';
+import { openai } from '@ai-sdk/openai';
+
+const transcript = await transcribe({
+  model: openai.transcription('whisper-1'),
+  audio: new URL('https://example.com/audio.mp3'),
+  download: createDownload({ maxBytes: 50 * 1024 * 1024 }), // 50 MB limit
+});
+```
+
+You can also provide a fully custom download function:
+
+```ts highlight="6-12"
+import { experimental_transcribe as transcribe } from 'ai';
+import { openai } from '@ai-sdk/openai';
+
+const transcript = await transcribe({
+  model: openai.transcription('whisper-1'),
+  audio: new URL('https://example.com/audio.mp3'),
+  download: async ({ url }) => {
+    const res = await myAuthenticatedFetch(url);
+    return {
+      data: new Uint8Array(await res.arrayBuffer()),
+      mediaType: res.headers.get('content-type') ?? undefined,
+    };
+  },
+});
+```
+
+If a download exceeds the size limit, a `DownloadError` is thrown:
+
+```ts
+import { experimental_transcribe as transcribe, DownloadError } from 'ai';
+import { openai } from '@ai-sdk/openai';
+
+try {
+  await transcribe({
+    model: openai.transcription('whisper-1'),
+    audio: new URL('https://example.com/audio.mp3'),
+  });
+} catch (error) {
+  if (DownloadError.isInstance(error)) {
+    console.log('Download failed:', error.message);
+  }
+}
+```
+
 ### Abort Signals and Timeouts
 
 `transcribe` accepts an optional `abortSignal` parameter of
 type [`AbortSignal`](https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal)
 that you can use to abort the transcription process or set a timeout.
 
+This is particularly useful when combined with URL downloads to prevent long-running requests:
+
 ```ts highlight="8"
 import { openai } from '@ai-sdk/openai';
 import { experimental_transcribe as transcribe } from 'ai';
-import { readFile } from 'fs/promises';
 
 const transcript = await transcribe({
   model: openai.transcription('whisper-1'),
-  audio: await readFile('audio.mp3'),
-  abortSignal: AbortSignal.timeout(1000), // Abort after 1 second
+  audio: new URL('https://example.com/audio.mp3'),
+  abortSignal: AbortSignal.timeout(5000), // Abort after 5 seconds
 });
 ```
 
diff --git a/content/docs/07-reference/01-ai-sdk-core/11-transcribe.mdx b/content/docs/07-reference/01-ai-sdk-core/11-transcribe.mdx
@@ -69,6 +69,13 @@ console.log(transcript);
       isOptional: true,
       description: 'Additional HTTP headers for the request.',
     },
+    {
+      name: 'download',
+      type: '(options: { url: URL; abortSignal?: AbortSignal }) => Promise<{ data: Uint8Array; mediaType: string | undefined }>',
+      isOptional: true,
+      description:
+        'Custom download function for fetching audio from URLs. Use `createDownload()` from `ai` to create a download function with custom size limits, e.g. `createDownload({ maxBytes: 50 * 1024 * 1024 })`. Default: built-in download with 2 GiB limit.',
+    },
   ]}
 />
 
diff --git a/content/docs/07-reference/01-ai-sdk-core/13-generate-video.mdx b/content/docs/07-reference/01-ai-sdk-core/13-generate-video.mdx
@@ -140,6 +140,13 @@ console.log(videos);
       isOptional: true,
       description: 'Additional HTTP headers for the request.',
     },
+    {
+      name: 'download',
+      type: '(options: { url: URL; abortSignal?: AbortSignal }) => Promise<{ data: Uint8Array; mediaType: string | undefined }>',
+      isOptional: true,
+      description:
+        'Custom download function for fetching videos from URLs. Use `createDownload()` from `ai` to create a download function with custom size limits, e.g. `createDownload({ maxBytes: 50 * 1024 * 1024 })`. Default: built-in download with 2 GiB limit.',
+    },
   ]}
 />
 
diff --git a/packages/ai/scripts/check-bundle-size.ts b/packages/ai/scripts/check-bundle-size.ts
@@ -3,7 +3,7 @@ import { writeFileSync, statSync } from 'fs';
 import { join } from 'path';
 
 // Bundle size limits in bytes
-const LIMIT = 555 * 1024;
+const LIMIT = 560 * 1024;
 
 interface BundleResult {
   size: number;
diff --git a/packages/ai/src/generate-video/generate-video.ts b/packages/ai/src/generate-video/generate-video.ts
@@ -25,7 +25,7 @@ import {
   imageMediaTypeSignatures,
   videoMediaTypeSignatures,
 } from '../util/detect-media-type';
-import { download } from '../util/download/download';
+import { createDownload } from '../util/download/create-download';
 import { prepareRetries } from '../util/prepare-retries';
 import { VERSION } from '../version';
 import type { GenerateVideoResult } from './generate-video-result';
@@ -57,6 +57,8 @@ export type GenerateVideoPrompt =
  *
  * @returns A result object that contains the generated videos.
  */
+const defaultDownload = createDownload();
+
 export async function experimental_generateVideo({
   model: modelArg,
   prompt: promptArg,
@@ -71,6 +73,7 @@ export async function experimental_generateVideo({
   maxRetries: maxRetriesArg,
   abortSignal,
   headers,
+  download: downloadFn = defaultDownload,
 }: {
   /**
    * The video model to use.
@@ -140,6 +143,17 @@ export async function experimental_generateVideo({
    * Only applicable for HTTP-based providers.
    */
   headers?: Record<string, string>;
+
+  /**
+   * Custom download function for fetching videos from URLs.
+   * Use `createDownload()` from `ai` to create a download function with custom size limits.
+   *
+   * @default createDownload() (2 GiB limit)
+   */
+  download?: (options: {
+    url: URL;
+    abortSignal?: AbortSignal;
+  }) => Promise<{ data: Uint8Array; mediaType: string | undefined }>;
 }): Promise<GenerateVideoResult> {
   const model = resolveVideoModel(modelArg);
 
@@ -195,8 +209,9 @@ export async function experimental_generateVideo({
     for (const videoData of result.videos) {
       switch (videoData.type) {
         case 'url': {
-          const { data, mediaType: downloadedMediaType } = await download({
+          const { data, mediaType: downloadedMediaType } = await downloadFn({
             url: new URL(videoData.url),
+            abortSignal,
           });
 
           // Filter out generic/unknown media types that should fall through to detection
diff --git a/packages/ai/src/transcribe/transcribe.ts b/packages/ai/src/transcribe/transcribe.ts
@@ -10,7 +10,7 @@ import {
   audioMediaTypeSignatures,
   detectMediaType,
 } from '../util/detect-media-type';
-import { download } from '../util/download/download';
+import { createDownload } from '../util/download/create-download';
 import { prepareRetries } from '../util/prepare-retries';
 import { TranscriptionResult } from './transcribe-result';
 import { VERSION } from '../version';
@@ -29,13 +29,16 @@ import { Warning } from '../types';
  *
  * @returns A result object that contains the generated transcript.
  */
+const defaultDownload = createDownload();
+
 export async function transcribe({
   model,
   audio,
   providerOptions = {},
   maxRetries: maxRetriesArg,
   abortSignal,
   headers,
+  download: downloadFn = defaultDownload,
 }: {
   /**
    * The transcription model to use.
@@ -80,6 +83,17 @@ export async function transcribe({
    * Only applicable for HTTP-based providers.
    */
   headers?: Record<string, string>;
+
+  /**
+   * Custom download function for fetching audio from URLs.
+   * Use `createDownload()` from `ai` to create a download function with custom size limits.
+   *
+   * @default createDownload() (2 GiB limit)
+   */
+  download?: (options: {
+    url: URL;
+    abortSignal?: AbortSignal;
+  }) => Promise<{ data: Uint8Array; mediaType: string | undefined }>;
 }): Promise<TranscriptionResult> {
   const resolvedModel = resolveTranscriptionModel(model);
   if (!resolvedModel) {
@@ -98,7 +112,7 @@ export async function transcribe({
 
   const audioData =
     audio instanceof URL
-      ? (await download({ url: audio })).data
+      ? (await downloadFn({ url: audio, abortSignal })).data
       : convertDataContentToUint8Array(audio);
 
   const result = await retry(() =>
diff --git a/packages/ai/src/util/download/create-download.ts b/packages/ai/src/util/download/create-download.ts
@@ -0,0 +1,13 @@
+import { download as internalDownload } from './download';
+
+/**
+ * Creates a download function with configurable options.
+ *
+ * @param options - Configuration options for the download function.
+ * @param options.maxBytes - Maximum allowed download size in bytes. Default: 2 GiB.
+ * @returns A download function that can be passed to `transcribe()` or `experimental_generateVideo()`.
+ */
+export function createDownload(options?: { maxBytes?: number }) {
+  return ({ url, abortSignal }: { url: URL; abortSignal?: AbortSignal }) =>
+    internalDownload({ url, maxBytes: options?.maxBytes, abortSignal });
+}
diff --git a/packages/ai/src/util/download/download.test.ts b/packages/ai/src/util/download/download.test.ts
@@ -1,10 +1,11 @@
 import { createTestServer } from '@ai-sdk/test-server/with-vitest';
 import { DownloadError } from '@ai-sdk/provider-utils';
 import { download } from './download';
-import { describe, it, expect } from 'vitest';
+import { describe, it, expect, vi } from 'vitest';
 
 const server = createTestServer({
   'http://example.com/file': {},
+  'http://example.com/large': {},
 });
 
 describe('download', () => {
@@ -66,4 +67,52 @@ describe('download', () => {
       expect(error).toBeInstanceOf(DownloadError);
     }
   });
+
+  it('should abort when response exceeds default size limit', async () => {
+    // Create a response that claims to be larger than 2 GiB
+    server.urls['http://example.com/large'].response = {
+      type: 'binary',
+      headers: {
+        'content-type': 'application/octet-stream',
+        'content-length': `${3 * 1024 * 1024 * 1024}`,
+      },
+      body: Buffer.from(new Uint8Array(10)),
+    };
+
+    try {
+      await download({
+        url: new URL('http://example.com/large'),
+      });
+      expect.fail('Expected download to throw');
+    } catch (error: unknown) {
+      expect(DownloadError.isInstance(error)).toBe(true);
+      expect((error as DownloadError).message).toContain(
+        'exceeded maximum size',
+      );
+    }
+  });
+
+  it('should pass abortSignal to fetch', async () => {
+    const controller = new AbortController();
+    controller.abort();
+
+    server.urls['http://example.com/file'].response = {
+      type: 'binary',
+      headers: {
+        'content-type': 'application/octet-stream',
+      },
+      body: Buffer.from(new Uint8Array([1, 2, 3])),
+    };
+
+    try {
+      await download({
+        url: new URL('http://example.com/file'),
+        abortSignal: controller.signal,
+      });
+      expect.fail('Expected download to throw');
+    } catch (error: unknown) {
+      // The fetch should be aborted, resulting in a DownloadError wrapping an AbortError
+      expect(DownloadError.isInstance(error)).toBe(true);
+    }
+  });
 });
diff --git a/packages/ai/src/util/download/download.ts b/packages/ai/src/util/download/download.ts
@@ -1,4 +1,8 @@
-import { DownloadError } from '@ai-sdk/provider-utils';
+import {
+  DownloadError,
+  readResponseWithSizeLimit,
+  DEFAULT_MAX_DOWNLOAD_SIZE,
+} from '@ai-sdk/provider-utils';
 import {
   withUserAgentSuffix,
   getRuntimeEnvironmentUserAgent,
@@ -9,11 +13,21 @@ import { VERSION } from '../../version';
  * Download a file from a URL.
  *
  * @param url - The URL to download from.
+ * @param maxBytes - Maximum allowed download size in bytes. Defaults to 100 MiB.
+ * @param abortSignal - An optional abort signal to cancel the download.
  * @returns The downloaded data and media type.
  *
- * @throws DownloadError if the download fails.
+ * @throws DownloadError if the download fails or exceeds maxBytes.
  */
-export const download = async ({ url }: { url: URL }) => {
+export const download = async ({
+  url,
+  maxBytes,
+  abortSignal,
+}: {
+  url: URL;
+  maxBytes?: number;
+  abortSignal?: AbortSignal;
+}) => {
   const urlText = url.toString();
   try {
     const response = await fetch(urlText, {
@@ -22,6 +36,7 @@ export const download = async ({ url }: { url: URL }) => {
         `ai-sdk/${VERSION}`,
         getRuntimeEnvironmentUserAgent(),
       ),
+      signal: abortSignal,
     });
 
     if (!response.ok) {
@@ -32,8 +47,14 @@ export const download = async ({ url }: { url: URL }) => {
       });
     }
 
+    const data = await readResponseWithSizeLimit({
+      response,
+      url: urlText,
+      maxBytes: maxBytes ?? DEFAULT_MAX_DOWNLOAD_SIZE,
+    });
+
     return {
-      data: new Uint8Array(await response.arrayBuffer()),
+      data,
       mediaType: response.headers.get('content-type') ?? undefined,
     };
   } catch (error) {
diff --git a/packages/ai/src/util/index.ts b/packages/ai/src/util/index.ts
@@ -1,6 +1,7 @@
 export type { AsyncIterableStream } from './async-iterable-stream';
 export { consumeStream } from './consume-stream';
 export { cosineSimilarity } from './cosine-similarity';
+export { createDownload } from './download/create-download';
 export { getTextFromDataUrl } from './data-url';
 export type { DeepPartial } from './deep-partial';
 export type { DownloadFunction as Experimental_DownloadFunction } from './download/download-function';
diff --git a/packages/provider-utils/src/download-blob.test.ts b/packages/provider-utils/src/download-blob.test.ts
diff --git a/packages/provider-utils/src/download-blob.ts b/packages/provider-utils/src/download-blob.ts
diff --git a/packages/provider-utils/src/index.ts b/packages/provider-utils/src/index.ts
diff --git a/packages/provider-utils/src/read-response-with-size-limit.test.ts b/packages/provider-utils/src/read-response-with-size-limit.test.ts
diff --git a/packages/provider-utils/src/read-response-with-size-limit.ts b/packages/provider-utils/src/read-response-with-size-limit.ts
