libroach: ensure correct lifetime for resume_key on reverse iteration #32492

Merged

nvanbenschoten
Member

Fixes #32149.

Before this change, it was possible for DBScanResults.resume_key to
point into memory owned by mvccScanner, which went out of scope after
MVCCScan returned. This allowed for memory corruption when returning
the key to Go.

This change fixes this corruption by copying the memory to the DBIterator
before returning, which should have a lifetime which exceeds that of the
DBScanResults.

Release note: None

@nvanbenschoten nvanbenschoten requested review from benesch, petermattis and a team November 19, 2018 23:34
@nvanbenschoten
Member Author

Found with lots of help from @benesch!

Collaborator

@petermattis petermattis left a comment

:lgtm:

Reviewable status: :shipit: complete! 1 of 0 LGTMs obtained


c-deps/libroach/mvcc.h, line 141 at r1 (raw file):

        // instead of iter_rep_'s underlying storage if iterating in reverse (see
        // iterPeekPrev), so copy the key onto the DBIterator struct to ensure it
        // has a lifetime that outlives the DBScanResults.

Wow! Nice find.
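
The lifetime problem this pull request describes, reduced to a self-contained sketch. This is an added example, not code from libroach: `Slice`, `ScanResults`, `Iterator`, `Scanner`, `Outcome` and their methods are simplified stand-ins assumed for illustration, and the key is a constructed sample value.

```cpp
#include <cstddef>
#include <string>

// Simplified stand-ins for the types named in the PR (assumed shapes, not libroach's).
struct Slice { const char* data; size_t len; };   // non-owning view of key bytes
struct ScanResults { Slice resume_key; };         // plays the role of DBScanResults
struct Iterator { std::string resume_key; };      // plays the role of DBIterator

class Scanner {  // plays the role of mvccScanner: lives only for one scan call
 public:
  explicit Scanner(Iterator* iter) : iter_(iter) {}

  // Reverse iteration keeps the current key in scanner-owned storage.
  void peekPrev(const std::string& key) { saved_key_ = key; }

  // Before the fix: the result borrows saved_key_, which dies with the Scanner.
  ScanResults finishBorrowed() const {
    return ScanResults{Slice{saved_key_.data(), saved_key_.size()}};
  }

  // After the fix: copy the key onto the iterator, then point the result there.
  ScanResults finishCopied() const {
    iter_->resume_key = saved_key_;
    return ScanResults{Slice{iter_->resume_key.data(), iter_->resume_key.size()}};
  }

  bool owns(const Slice& s) const { return s.data == saved_key_.data(); }
 private:
  Iterator* iter_;
  std::string saved_key_;
};

struct Outcome { ScanResults results; bool borrows_from_scanner; };

// Runs one scan; ownership is recorded while the Scanner is still alive, so the
// example never dereferences a dangling pointer.
Outcome scan(Iterator* iter, const std::string& key, bool fixed) {
  Scanner scanner(iter);
  scanner.peekPrev(key);
  ScanResults r = fixed ? scanner.finishCopied() : scanner.finishBorrowed();
  return Outcome{r, scanner.owns(r.resume_key)};
}  // scanner is destroyed here; a borrowed resume_key is now dangling

int main() {
  Iterator iter;
  bool before = scan(&iter, "constructed-key", false).borrows_from_scanner;
  bool after = scan(&iter, "constructed-key", true).borrows_from_scanner;
  return (before && !after) ? 0 : 1;
}
```

Only the copied variant returns a `resume_key` that is safe to read after `scan` returns, because its bytes live in the `Iterator` the caller still holds.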

@nvanbenschoten
Member Author

bors r+

craig bot pushed a commit that referenced this pull request Nov 20, 2018
32492: libroach: ensure correct lifetime for resume_key on reverse iteration r=nvanbenschoten a=nvanbenschoten

Co-authored-by: Nathan VanBenschoten <[email protected]>
@craig
Contributor

craig bot commented Nov 20, 2018

Build succeeded

@craig craig bot merged commit 049fc0d into cockroachdb:master Nov 20, 2018
@nvanbenschoten nvanbenschoten deleted the nvanbenschoten/fixRocksDBCorruption branch November 27, 2018 19:43
Successfully merging this pull request may close these issues.

storage: inverted range in intervalSkl.AddRange