Fix potential buffer overflow (#3146)

Summary: Size of pointer `sub_x` used instead of size of its data. This is likely to lead to a buffer overflow if the user is not lucky enough to be in a x32 bit machine where `sizeof(float*) == sizeof(float)`. You probably intend to write `sizeof(*sub_x)` or `sizeof(float)` ? Pull Request resolved: #3146 Reviewed By: mlomeli1 Differential Revision: D51618892 Pulled By: algoriddle fbshipit-source-id: 82acd98009515e963c547d5c62946f93ef5561b5
facebookresearch · Dec 11, 2023 · 9f8f238 · 9f8f238
1 parent 9107035
commit 9f8f238
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/faiss/MetaIndexes.cpp b/faiss/MetaIndexes.cpp
@@ -96,7 +96,7 @@ void IndexSplitVectors::search(
                 for (idx_t i = 0; i < n; i++)
                     memcpy(sub_x.get() + i * sub_d,
                            x + ofs + i * d,
-                           sub_d * sizeof(sub_x));
+                           sub_d * sizeof(float));
                 sub_index->search(n, sub_x.get(), k, distances1, labels1);
                 if (index->verbose)
                     printf("end query shard %d\n", no);