Segfault in DoCompactionWork caused by buffer overflow
Summary:
The code was allocating 200 bytes on the stack but it
writes 256 bytes into the array.
x8a8ea5 std::_Rb_tree<>::erase()
@ 0x7f134bee7eb0 (unknown)
@ 0x8a8ea5 std::_Rb_tree<>::erase()
@ 0x8a35d6 leveldb::DBImpl::CleanupCompaction()
@ 0x8a7810 leveldb::DBImpl::BackgroundCompaction()
@ 0x8a804d leveldb::DBImpl::BackgroundCall()
@ 0x8c4eff leveldb::(anonymous namespace)::PosixEnv::BGThreadWrapper()
@ 0x7f134b3c010d start_thread
@ 0x7f134bf9f10d clone
Test Plan: run db_bench with overwrite option
Reviewers: heyongqiang
Reviewed By: heyongqiang
Differential Revision: https://reviews.facebook.net/D5595
This commit is contained in:
Dhruba Borthakur
parent
9e84834eb4
commit
bb2dcd2457
@ -948,8 +948,8 @@ Status DBImpl::DoCompactionWork(CompactionState* compact) {
|
||||
compact->compaction->level(),
|
||||
compact->compaction->num_input_files(1),
|
||||
compact->compaction->level() + 1);
|
||||
char scratch[200];
|
||||
compact->compaction->Summary(scratch, 256);
|
||||
char scratch[256];
|
||||
compact->compaction->Summary(scratch, sizeof(scratch));
|
||||
Log(options_.info_log, "Compaction start summary: %s\n", scratch);
|
||||
|
||||
assert(versions_->NumLevelFiles(compact->compaction->level()) > 0);
|
||||
|
||||
@ -1620,10 +1620,10 @@ void Compaction::Summary(char* output, int len) {
|
||||
return;
|
||||
|
||||
char level_low_summary[100];
|
||||
InputSummary(inputs_[0], level_low_summary, 100);
|
||||
InputSummary(inputs_[0], level_low_summary, sizeof(level_low_summary));
|
||||
char level_up_summary[100];
|
||||
if (inputs_[1].size()) {
|
||||
InputSummary(inputs_[1], level_up_summary, 100);
|
||||
InputSummary(inputs_[1], level_up_summary, sizeof(level_up_summary));
|
||||
} else {
|
||||
level_up_summary[0] = '\0';
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user