[BUG]: Changing host date causes aggressive and unlimited memory allocation

[stavsap]

What version of Ristretto are you using?

happens on v1.0.0 until v2.0.1

What version of Go are you using?

go version go1.23.2

Have you tried reproducing the issue with the latest release?

Yes

What is the hardware spec (RAM, CPU, OS)?

Ubuntu 22.04 LTS

linux/amd64

Host: VMware Virtual Platform None
Kernel: 5.15.0-127-generic
Shell: bash 5.1.16
CPU: Intel Xeon Gold 6258R (4) @ 2.693GHz
GPU: 00:0f.0 VMware SVGA II Adapter
Memory: 7937MiB

What steps will reproduce the bug?

set the OS date

sudo date --set "12 Dec 2000 15:00:00"

execute application using risttretto cache

while app is running

sudo date --set "12 Dec 2024 15:00:00"

Expected behavior and actual result.

Expected:
memory should not be affected

Actual:

memory is allocated infinitely by ristretto

Additional information

the application is idling during test, there is not active cache usage.

the memory allocation happens fast until the host memory is consumed, if running in a slice then the service is killed due to memory limit.

this might pose a security issue to the host with applications using this cache since time change can cause denial of service for the host. in my case its pretty uncommon (24 years delta) but i dont know the actual minimum delta that this might happen.

doesn't happen on version v0.2.0 and below.

[stavsap]

reproduce code

package main

import (
	"github.com/dgraph-io/ristretto"
	"time"
)

func main() {
	_, err := ristretto.NewCache(&ristretto.Config[string, any]{
		NumCounters: int64(1000),
		MaxCost:     int64(2000),
		BufferItems: 64,
		Metrics:     false,
	})

	if err != nil {
		panic(err)
	}

	time.Sleep(time.Hour)

}

go.mod

module main

go 1.23

require (
	github.com/cespare/xxhash/v2 v2.3.0 // indirect
	github.com/dgraph-io/ristretto v1.0.0 // indirect
	github.com/dustin/go-humanize v1.0.1 // indirect
	github.com/pkg/errors v0.9.1 // indirect
	golang.org/x/sys v0.25.0 // indirect
)

[flymedllva]

I'm having the same problem