author | leveldb Team <no-reply@google.com> | 2023-04-18 22:38:59 +0000 |
---|---|---|
committer | Austin Sullivan <asully@chromium.org> | 2023-04-20 18:09:06 +0000 |
commit | 068d5ee1a3ac40dabd00d211d5013af44be55bea (patch) | |
tree | 68c14acd3f5b5e3e3154b5ec658397dba4e960f8 | |
parent | c61238dcf39bdcfb6ef27abbda35b4cbf42b9002 (diff) | |
download | leveldb-068d5ee1a3ac40dabd00d211d5013af44be55bea.tar.gz leveldb-068d5ee1a3ac40dabd00d211d5013af44be55bea.zip |
leveldb: Check slice length in Footer::DecodeFrom()

Without this check decoding the footer in Table::Open() can read
uninitialized bytes from a buffer allocated on the stack if the file
was unexpectedly short.

In practice this is probably fine since this function validates a magic
number but MSan complains about branching on uninitialized data.

PiperOrigin-RevId: 525271012

-rw-r--r-- | table/format.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/table/format.cc b/table/format.cc index 7647372..ae998c1 100644 --- a/table/format.cc +++ b/table/format.cc @@ -41,6 +41,10 @@ void Footer::EncodeTo(std::string* dst) const { } Status Footer::DecodeFrom(Slice* input) { + if (input->size() < kEncodedLength) { + return Status::Corruption("not an sstable (footer too short)"); + } + const char* magic_ptr = input->data() + kEncodedLength - 8; const uint32_t magic_lo = DecodeFixed32(magic_ptr); const uint32_t magic_hi = DecodeFixed32(magic_ptr + 4); |
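
Review bot: the new length check at the top of Footer::DecodeFrom() comes with no test; the diffstat shows only table/format.cc changed. A regression test that passes a Slice shorter than kEncodedLength and expects Status::Corruption would keep the guard from being dropped in a later refactor, and running it under MSan would cover the uninitialized-read case the commit message describes. A short comment on the check noting that the decode just below reads at `input->data() + kEncodedLength - 8` would also put the reason for the guard in the code rather than only in the commit message.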