Document out-of-memory case limitation

psiphon/dataStoreRecovery_test.go

@@ -195,20 +195,20 @@ func TestBoltResiliency(t *testing.T) {
 
 	truncateDataStore := func() {
 		filename := filepath.Join(testDataDirName, "ca.psiphon.PsiphonTunnel.tunnel-core", "datastore", "psiphon.boltdb")
-		configFile, err := os.OpenFile(filename, os.O_RDWR, 0666)
+		file, err := os.OpenFile(filename, os.O_RDWR, 0666)
 		if err != nil {
 			t.Fatalf("OpenFile failed: %s", err)
 		}
-		defer configFile.Close()
-		fileInfo, err := configFile.Stat()
+		defer file.Close()
+		fileInfo, err := file.Stat()
 		if err != nil {
 			t.Fatalf("Stat failed: %s", err)
 		}
-		err = configFile.Truncate(fileInfo.Size() / 4)
+		err = file.Truncate(fileInfo.Size() / 4)
 		if err != nil {
 			t.Fatalf("Truncate failed: %s", err)
 		}
-		err = configFile.Sync()
+		err = file.Sync()
 		if err != nil {
 			t.Fatalf("Sync failed: %s", err)
 		}

psiphon/dataStore_bolt.go

@@ -108,6 +108,11 @@ func tryDatastoreOpenDB(
 	// To handle this, we temporarily set SetPanicOnFault in order to treat the
 	// fault as a panic, recover any panic, and return an error which will result
 	// in a retry with reset.
+	//
+	// Limitation: another potential crash case is "fatal error: out of
+	// memory" due to bolt.freelist.read attempting to allocate a slice using
+	// a corrupted size value on disk. There is no way to recover from this
+	// fatal.
 
 	// Begin recovery preamble
 	panicOnFault := debug.SetPanicOnFault(true)