refactor: switch _mark_seen eviction from clear() to pop() and raise cap to 512

bdraco · bdraco · commit ba5de3a22f3c · 2026-05-17T19:14:39.000-07:00
Smooth out the overflow path: instead of dropping the entire set at
once when it hits the bound (which then re-emits warning-level logs
for every previously-deduped key on its next occurrence), evict one
arbitrary entry per insert past the bound. The cap effectively becomes
a recency window of size `_MAX_SEEN_LOGS`.

Also raises the bound from 256 to 512. Memory cost stays trivial
(~40 KB of short exception strings), but under sustained malformed-
packet pressure ops sees a steady trickle of new warnings rather than
a burst of re-emissions every few hundred packets.
diff --git a/src/zeroconf/_logger.py b/src/zeroconf/_logger.py
@@ -39,20 +39,22 @@ def set_logger_level_if_unset() -> None:
 set_logger_level_if_unset()
 
 
-_MAX_SEEN_LOGS = 256
+_MAX_SEEN_LOGS = 512
 _seen_logs: set[str] = set()
 
 
 def _mark_seen(seen: set[str], key: str) -> bool:
     """Record ``key`` in ``seen`` and return True if it was newly added.
 
     Bounds the set so callers passing attacker-influenced keys (peer
-    addresses, packet offsets) cannot grow it without bound.
+    addresses, packet offsets) cannot grow it without bound. Evicts
+    one arbitrary entry per overflow so warning-level re-emissions
+    stay smooth rather than arriving in bursts.
     """
     if key in seen:
         return False
     if len(seen) >= _MAX_SEEN_LOGS:
-        seen.clear()
+        seen.pop()
     seen.add(key)
     return True
 
