Fix Copying of data between buffers in FilePrefetchBuffer (#4100)

Summary:
Copy data between buffers inside FilePrefetchBuffer only when chunk length is greater than 0. Otherwise AlignedBuffer was accessing memory out of its range causing crashes.

Removing the tracking of buffer length outside of `AlignedBuffer`, i.e. in `FilePrefetchBuffer` and `ReadaheadRandomAccessFile`, will follow in a separate PR, as it is not the root cause of the crash reported in #4051. (`FilePrefetchBuffer` itself has been this way from its inception, and `ReadaheadRandomAccessFile` was updated to add the buffer length at some point).

Comprehensive tests for `FilePrefetchBuffer` also to follow in a separate PR.
Pull Request resolved: https://github.com/facebook/rocksdb/pull/4100

Differential Revision: D8792590

Pulled By: sagar0

fbshipit-source-id: 3578f45761cf6884243e767f749db4016ccc93e1
main
Sagar Vemuri 7 years ago committed by Facebook Github Bot
parent 926f3a78a6
commit 440621aab8
  1. 1
      util/aligned_buffer.h
  2. 9
      util/file_reader_writer.cc

@ -121,6 +121,7 @@ public:
~static_cast<uintptr_t>(alignment_ - 1));
if (copy_data) {
assert(bufstart_ + copy_offset + copy_len <= bufstart_ + cursize_);
memcpy(new_bufstart, bufstart_ + copy_offset, copy_len);
cursize_ = copy_len;
} else {

@ -672,7 +672,14 @@ Status FilePrefetchBuffer::Prefetch(RandomAccessFileReader* reader,
chunk_len = buffer_len_ - chunk_offset_in_buffer;
assert(chunk_offset_in_buffer % alignment == 0);
assert(chunk_len % alignment == 0);
copy_data_to_new_buffer = true;
assert(chunk_offset_in_buffer + chunk_len <=
buffer_offset_ + buffer_len_);
if (chunk_len > 0) {
copy_data_to_new_buffer = true;
} else {
// this reset is not necessary, but just to be safe.
chunk_offset_in_buffer = 0;
}
}
}

Loading…
Cancel
Save