fix: deep-copy user mutated attributes

[giortzisg]

Description

Since the addition of Telemetry Buffers moves the serialization to a background worker, user provided attributes that can be mutated should be deep copied, to avoid panics during serialization.

[codecov]

Codecov Report

❌ Patch coverage is 28.84615% with 74 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.83%. Comparing base (34261f3) to head (647e8aa).

Files with missing lines	Patch %	Lines
deepcopy.go	24.32%	50 Missing and 6 partials ⚠️
client.go	0.00%	18 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1148      +/-   ##
==========================================
- Coverage   86.85%   85.83%   -1.02%     
==========================================
  Files          62       63       +1     
  Lines        6092     6184      +92     
==========================================
+ Hits         5291     5308      +17     
- Misses        587      656      +69     
- Partials      214      220       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cursor]

Bug: Nil values in nested maps/slices cause data loss or panic

When deepCopyValue returns nil for a nil value in a nested structure, reflect.ValueOf(nil) produces an invalid reflect.Value. For maps, calling SetMapIndex with an invalid Value silently deletes the key, causing data loss. For slices and arrays, calling Set with an invalid Value causes a panic. This affects user-provided Extra and Context data containing nested collections with nil values.

Additional Locations (2)

• deepcopy.go#L49-L51
• deepcopy.go#L56-L58

 

[lcian]

Correct me if I'm wrong, but:
this was here already and was not causing problems, and it's a separate code path from the buffer/transport, so I don't think this should be changed at all.
I assume this was deliberately done this way because scope forking happens frequently and so you wouldn't want to do an expensive deep copy.

[lcian]

same as above

[lcian]

Nested in Event there are other things we might care about, for example a Span can have Data (and apparently tags and extra), same about Log attributes, etc. Do we care about those?

[aldy505]

...or we can serialize it up front, and then send them to telemetry buffer after serialization? I would assume doing deep copy would inflict in more RAM usage than just serialize it up front.

[giortzisg]

...or we can serialize it up front, and then send them to telemetry buffer after serialization?

I was weighting both approaches, but i think that pre-serialization has more drawbacks:

• the scheduler needs the whole event, to get the trace context to build the envelope (we would need to pass metadata around, along with the serialized event)
• batching logic for logs/spans would also require metadata and more complicated
• performance wise, it's better to serialize on the background for:
  • request latency for the user is low
  • when rate limited we drop immediately, skipping serialization completely

I would assume doing deep copy would inflict in more RAM

That is a valid concern but we only keep the copy around till we flush the event (short lifespan) and other SDKs already copy some event data.

[sentry]

Bug: The Event.Tags map is not deep-copied before being passed to the telemetry buffer, creating a risk of a concurrent map access panic if the user mutates it.
_{Severity: HIGH | Confidence: High}

🔍 Detailed Analysis

When an event is captured with telemetry enabled, several of its fields are deep-copied to prevent data races during background serialization. However, the Event.Tags map, which is a user-mutable field, is not being deep-copied. If a user modifies the event.Tags map after calling CaptureEvent(), a concurrent map access panic will occur when the background worker attempts to serialize the event for telemetry. This omission is inconsistent with the handling of other mutable fields like Extra and Contexts.

💡 Suggested Fix

In client.go, before adding the event to the telemetry buffer, perform a deep copy of the event.Tags map, similar to how other mutable fields are handled. For example: if event.Tags != nil { eventToBuffer.Tags = deepCopyMapStringString(event.Tags) }.

🤖 Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: client.go#L766

Potential issue: When an event is captured with telemetry enabled, several of its fields
are deep-copied to prevent data races during background serialization. However, the
`Event.Tags` map, which is a user-mutable field, is not being deep-copied. If a user
modifies the `event.Tags` map after calling `CaptureEvent()`, a concurrent map access
panic will occur when the background worker attempts to serialize the event for
telemetry. This omission is inconsistent with the handling of other mutable fields like
`Extra` and `Contexts`.

_{Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8279488}

[cursor]

Tags field missing deep copy in telemetry buffer

High Severity

The Tags field is not deep copied when buffering events for background serialization, while other map[string]string fields like Modules and User.Data are. Since eventToBuffer := *event creates a shallow copy, eventToBuffer.Tags still references the same underlying map as event.Tags. If a user mutates the tags map after the event is queued, this could cause a race condition or panic during serialization in the background worker.