From patchwork Thu Feb 1 07:33:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Steinhardt X-Patchwork-Id: 13540715 Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1586C158D9D for ; Thu, 1 Feb 2024 07:33:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=64.147.123.24 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706772788; cv=none; b=bBSGkqY5QFq8+IEMorkTVuPVXcNDKyZL0CjCEA/V0JzKlT64O3GMuwrfJiYwoyZGSKeRKjOOOzlTSrmdxeK/2BpAPsV+Wlalm5tgQc+Uy3ph9F+oxc/bwHpupGRc2a1lrH5zqjiOvpT35RCAUpzIn2ITsfSG2opaFbwocGAv4Oo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706772788; c=relaxed/simple; bh=3eBTWL+UOwZNVKCwAJiHZydd9vY+oVSJ1xcN0z/bTdo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=oGs6fEUhwAx4ZmEAtm4aiPQxXNFOJ5oRyxP6fj8mjk9TTgFzb/+l7LM56RsUO1fpPsSASUFDUQmuf7hjU3ohVYtM7Oeu0HmpOjo0oUO7v3L/JMHo9gs1Qj6agtUsVGjrgkX9oNrcz+1MEzVzLQ7KaXIzy8M/lWCKBpggdnU1DSU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pks.im; spf=pass smtp.mailfrom=pks.im; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b=HM8Yth8a; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=DiAOVJt4; arc=none smtp.client-ip=64.147.123.24 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=pks.im Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pks.im Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pks.im header.i=@pks.im header.b="HM8Yth8a"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="DiAOVJt4" Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 22C653200AF0; Thu, 1 Feb 2024 02:33:06 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Thu, 01 Feb 2024 02:33:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=cc:cc :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1706772785; x=1706859185; bh=txa/XPJlhl FGVcKVuBWCooph8usBSwB9ODxCKkwx9fs=; b=HM8Yth8aA9uMio1CjKb4hDKK6V 1LCO5Z7vsw4PTpaKg4KI0bsvfA5XAA1nWP7nuPfr5j/Rhim5jP+K2mJsbnzouXee Ptd5mZgICqf8n51rqIyuEPn18gw3BmO7cMgF74Sbv4cmQzxX2OX5KkEPsIKEI4GV AmxA5GCcF1B8nQRg2986zxDeAsJOoeBtl0R4dRTmks60uQfOXSqT5xKC/YJpHhj7 /S8M0U1PhtSmS8X8u3EzGjf7u8d3SprxuEmHoHMLf6E5yg6lGdkEI5zsSnZrw7lu ndDPZKBllgfQuGHClfJcFDPU9L9fWdl2a1fU1C32jQt6GB8fB9byOieZxDNg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1706772785; x=1706859185; bh=txa/XPJlhlFGVcKVuBWCooph8usB SwB9ODxCKkwx9fs=; b=DiAOVJt4B+AKf4eMlQ2S5mh2eTawD4JIoekqauwDzg1U oGoLwGPeabOlDB/g5jOn8LkX+TM+sYF8KQo0Mbd71IhEj/k8uS57RgqxznHBAzs2 xvnWbT+VUwYHzhHREyMhtTSen3taAB6IEmky/eVYWYkw64JMt227itxgmAB9ExP8 ZSIGHuxpIJbtt9JnCDZ8Qj/BoXGlrqFwqm+CwlP6x+Xoye2hIQfC3EQJyoUwTxvv ZJWMJFXAmsoUBB4UWSknHXXE+j+b9PoCzjUDLXaMpk4m+3s1vUm1O7QSNYf2pMxV ZWESq1PoNrRjbMD846HO0GBf99DrL6AcRdyaMXfJcQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrfedutddguddtjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrrght rhhitghkucfuthgvihhnhhgrrhguthcuoehpshesphhkshdrihhmqeenucggtffrrghtth gvrhhnpeeukedtvedtffevleejtefgheehieegkeeluddvfeefgeehgfeltddtheejleff teenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpsh esphhkshdrihhm X-ME-Proxy: Feedback-ID: i197146af:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 1 Feb 2024 02:33:04 -0500 (EST) Received: by vm-mail (OpenSMTPD) with ESMTPSA id ab6d49e6 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 1 Feb 2024 07:29:42 +0000 (UTC) Date: Thu, 1 Feb 2024 08:33:02 +0100 From: Patrick Steinhardt To: git@vger.kernel.org Cc: Eric Sunshine , Junio C Hamano Subject: [PATCH v2 3/9] reftable/stack: fix parameter validation when compacting range Message-ID: References: Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: The `stack_compact_range()` function receives a "first" and "last" index that indicates which tables of the reftable stack should be compacted. Naturally, "first" must be smaller than "last" in order to identify a proper range of tables to compress, which we indeed also assert in the function. But the validations happens after we have already allocated arrays with a size of `last - first + 1`, leading to an underflow and thus an invalid allocation size. Fix this by reordering the array allocations to happen after we have validated parameters. While at it, convert the array allocations to use the newly introduced macros. Note that the relevant variables pointing into arrays should also be converted to use `size_t` instead of `int`. This is left for a later commit in this series. Signed-off-by: Patrick Steinhardt --- reftable/stack.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/reftable/stack.c b/reftable/stack.c index d084823a92..b6b24c90bf 100644 --- a/reftable/stack.c +++ b/reftable/stack.c @@ -966,6 +966,7 @@ static int stack_write_compact(struct reftable_stack *st, static int stack_compact_range(struct reftable_stack *st, int first, int last, struct reftable_log_expiry_config *expiry) { + char **delete_on_success = NULL, **subtable_locks = NULL, **listp = NULL; struct strbuf temp_tab_file_name = STRBUF_INIT; struct strbuf new_table_name = STRBUF_INIT; struct strbuf lock_file_name = STRBUF_INIT; @@ -974,12 +975,7 @@ static int stack_compact_range(struct reftable_stack *st, int first, int last, int err = 0; int have_lock = 0; int lock_file_fd = -1; - int compact_count = last - first + 1; - char **listp = NULL; - char **delete_on_success = - reftable_calloc(compact_count + 1, sizeof(*delete_on_success)); - char **subtable_locks = - reftable_calloc(compact_count + 1, sizeof(*subtable_locks)); + int compact_count; int i = 0; int j = 0; int is_empty_table = 0; @@ -989,6 +985,10 @@ static int stack_compact_range(struct reftable_stack *st, int first, int last, goto done; } + compact_count = last - first + 1; + REFTABLE_CALLOC_ARRAY(delete_on_success, compact_count + 1); + REFTABLE_CALLOC_ARRAY(subtable_locks, compact_count + 1); + st->stats.attempts++; strbuf_reset(&lock_file_name); @@ -1146,12 +1146,14 @@ static int stack_compact_range(struct reftable_stack *st, int first, int last, done: free_names(delete_on_success); - listp = subtable_locks; - while (*listp) { - unlink(*listp); - listp++; + if (subtable_locks) { + listp = subtable_locks; + while (*listp) { + unlink(*listp); + listp++; + } + free_names(subtable_locks); } - free_names(subtable_locks); if (lock_file_fd >= 0) { close(lock_file_fd); lock_file_fd = -1;