Fix heap corruption from too small kbloom #213

Merged: 1 commit, Sep 23, 2020
Conversation

@ljusten (Contributor) commented Sep 21, 2020

kbloom is a bitmask with 'size2' bits, where 'size2' is the next power of 2 of 'size'. Thus, if 'size' is smaller than 4, 'size2' is smaller than 8, so that size2 / 8 == 0 and calloc allocates 0 bytes. This causes heap corruption when kbloom is subsequently written to. See discussion on https://groups.google.com/g/librsync/c/vmqzQS1QjIw.
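The sizing arithmetic described above, worked through as an added C example. This is not librsync's code and not the patch merged in this PR: the `next_pow2` rounding, the `hashtable_t` layout, and the function names are assumptions chosen to mirror the description. It shows the truncating `size2 / 8` byte count beside a round-up version, and a bloom set/test pair that is a no-op when `kbloom` is NULL, which is the alternative design raised later in the thread.

```c
/* Illustration of the kbloom sizing bug from librsync PR #213.
 * Not librsync's code: names and layout are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Smallest power of two >= n (n >= 1). Assumed rounding rule; the real
 * size2 computation may round differently, which shifts the threshold. */
static size_t next_pow2(size_t n) {
    size_t p = 1;
    while (p < n) p <<= 1;
    return p;
}

/* Byte count as the PR describes it: integer division truncates, so any
 * size2 below 8 yields 0 and calloc(0, 1) hands back a zero-length (or
 * NULL) block that the later bit writes overrun. */
size_t kbloom_bytes_buggy(size_t size) {
    return next_pow2(size) / 8;
}

/* Round up to whole bytes so a mask of size2 bits always has room for
 * bit index size2-1. Example fix only; not necessarily what 1fd391c did. */
size_t kbloom_bytes_fixed(size_t size) {
    return (next_pow2(size) + 7) / 8;
}

typedef struct {
    size_t size2;     /* number of bits in the bloom mask (power of two) */
    uint8_t *kbloom;  /* bitmask, or NULL when no bloom filter is in use */
} hashtable_t;

/* Set the bloom bit for a hash; does nothing when no filter is allocated. */
void kbloom_set(hashtable_t *t, size_t hash) {
    if (!t->kbloom) return;
    size_t bit = hash & (t->size2 - 1);
    t->kbloom[bit / 8] |= (uint8_t)(1u << (bit % 8));
}

/* Query the bloom bit; with no filter, answer "maybe present" (1). */
int kbloom_test(const hashtable_t *t, size_t hash) {
    if (!t->kbloom) return 1;
    size_t bit = hash & (t->size2 - 1);
    return (t->kbloom[bit / 8] >> (bit % 8)) & 1;
}

/* Allocate the mask with the round-up sizing. Returns 0 on success. */
int hashtable_init(hashtable_t *t, size_t size) {
    t->size2 = next_pow2(size);
    t->kbloom = calloc(kbloom_bytes_fixed(size), 1);
    return t->kbloom ? 0 : -1;
}

void hashtable_free(hashtable_t *t) {
    free(t->kbloom);
    t->kbloom = NULL;
}

/* Set one bit in a freshly sized table and read it back. Returns 1 when
 * the bit was clear before and set after, 0 on allocation failure or
 * mismatch. With the buggy byte count a size of 1..3 would have no byte
 * to write into at all. */
int kbloom_roundtrip(size_t size, size_t hash) {
    hashtable_t t;
    if (hashtable_init(&t, size) != 0) return 0;
    int before = kbloom_test(&t, hash);
    kbloom_set(&t, hash);
    int after = kbloom_test(&t, hash);
    hashtable_free(&t);
    return before == 0 && after == 1;
}

int main(void) {
    for (size_t size = 1; size <= 9; size++)
        printf("size=%zu size2=%zu buggy=%zu fixed=%zu\n", size,
               next_pow2(size), kbloom_bytes_buggy(size),
               kbloom_bytes_fixed(size));
    return kbloom_roundtrip(1, 0) ? 0 : 1;
}
```

The table printed by `main` shows where the two sizings diverge: the buggy count is 0 for every `size2` below 8, while the round-up count is never below 1. Run it under ASan, or with `MALLOC_CHECK_`, to see the original 0-byte allocation turn into a reported heap overflow instead of silent corruption.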
@dbaarda (Member) commented Sep 23, 2020

Note that the Bloom filter only helps if the hashtable is larger than L1 cache, which is about 8K entries. We could also just not allocate a bloom filter at all if the hash table is small and change the bloom filter setting/checking to do nothing if t->kbloom is NULL.

However, this is a much simpler fix for now, so I'm going to merge it.

@dbaarda dbaarda merged commit 1fd391c into librsync:master Sep 23, 2020