Additional index deserialization validation #4844

Closed
scsiguy wants to merge 2 commits into facebookresearch:main from scsiguy:export-D94558548

scsiguy commented Feb 26, 2026

Summary:
Fix 1: IndexLattice r2 and dsq validation

  • Tightens the r2 check from r2 >= 0 to r2 > 0. r2 must be greater
    than zero to avoid a divide by zero during normalization.
  • Adds a new check that 'dsq = d/nsq' is a power of 2 and >= 2. This
    aligns with asserts in ZnSphereCodecRec and prevents an invalid
    'cache_level' value of -1.

Fix 2: Binary hash invlists buffer validation

  • Changes from pre-allocating the buffer with a computed size (then
    overwriting via READVECTOR) to reading the buffer first and then
    checking it is large enough. Since READVECTOR determines its size
    from the serialized data stream, the previous logic didn't actually
    verify that the buffer was fully filled with valid data.

Differential Revision: D94558548
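
The two checks described above, sketched as an added example that is not code from this pull request or from faiss. `Reader`, `read_vector`, `load_presized`, `load_checked`, `lattice_params_ok` and `make_stream` are hypothetical names; `read_vector` only models a length-prefixed read whose size comes from the stream, as the description says of READVECTOR, and the positivity guards on `d` and `nsq` are this example's own.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Hypothetical names throughout; this models the pattern, it is not faiss code.
struct Reader { const uint8_t* p; size_t left; };

// Length-prefixed read: the size comes from the stream, so v takes that size.
void read_vector(Reader& r, std::vector<uint8_t>& v) {
    uint64_t n = 0;
    if (r.left < sizeof n) throw std::runtime_error("truncated stream");
    std::memcpy(&n, r.p, sizeof n);
    r.p += sizeof n; r.left -= sizeof n;
    if (n > r.left) throw std::runtime_error("length exceeds stream");
    v.assign(r.p, r.p + n);
    r.p += n; r.left -= n;
}

// Before: the pre-sized buffer is replaced by the read; a short payload passes.
std::vector<uint8_t> load_presized(Reader& r, size_t expected) {
    std::vector<uint8_t> buf(expected);
    read_vector(r, buf);
    return buf;
}

// After: read first, then require at least the bytes later code will index.
std::vector<uint8_t> load_checked(Reader& r, size_t expected) {
    std::vector<uint8_t> buf;
    read_vector(r, buf);
    if (buf.size() < expected) throw std::runtime_error("buffer too small");
    return buf;
}

// Lattice parameters: r2 > 0, and dsq = d / nsq a power of two that is >= 2.
bool lattice_params_ok(int d, int nsq, int r2) {
    if (d <= 0 || nsq <= 0 || r2 <= 0) return false;  // d/nsq guards are assumptions
    int dsq = d / nsq;
    return dsq >= 2 && (dsq & (dsq - 1)) == 0;
}

// Constructed sample input: 8-byte length prefix followed by n payload bytes.
std::vector<uint8_t> make_stream(uint64_t n) {
    std::vector<uint8_t> s(sizeof n + n, 0xAB);
    std::memcpy(s.data(), &n, sizeof n);
    return s;
}
```

With a 4-byte payload and an expected size of 16, `load_presized` returns a 4-byte buffer without complaint, while `load_checked` rejects the same stream.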

…search#4827)

Summary:

In validate_HNSW(), bounds check access to cum_nneighbor_per_level for each
level of the deserialized HNSW.

Reviewed By: junjieqi

Differential Revision: D93903637
@meta-cla meta-cla bot added the CLA Signed label Feb 26, 2026
meta-codesync bot commented Feb 26, 2026

@scsiguy has exported this pull request. If you are a Meta employee, you can view the originating Diff in D94558548.

meta-codesync bot commented Feb 27, 2026

This pull request has been merged in 6704852.
