Skip to content

Commit

Permalink
reader: limit reader memory consumption
Browse files Browse the repository at this point in the history
  • Loading branch information
SaveTheRbtz committed Mar 17, 2022
1 parent d8393aa commit f4b45ab
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
14 changes: 14 additions & 0 deletions reader.go
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,11 @@ func (s *ReaderImpl) read(dst []byte, off int64) (int64, int, error) {
decompressed = cachedData
} else {
// slowpath
if index.CompSize > maxDecoderFrameSize {
return 0, 0, fmt.Errorf("index.CompSize is too big: %d > %d",
index.CompSize, maxDecoderFrameSize)
}

src, err := s.o.env.GetFrameByIndex(*index)
if err != nil {
return 0, 0, fmt.Errorf("failed to read compressed data at: %d, %w", index.CompOffset, err)
Expand Down Expand Up @@ -354,6 +359,11 @@ func (s *ReaderImpl) indexFooter() (*btree.BTree, *FrameOffsetEntry, error) {
skippableFrameOffset += frameSizeFieldSize
skippableFrameOffset += skippableMagicNumberFieldSize

if skippableFrameOffset > maxDecoderFrameSize {
return nil, nil, fmt.Errorf("frame offset is too big: %d > %d",
skippableFrameOffset, maxDecoderFrameSize)
}

buf, err = s.o.env.ReadSkipFrame(skippableFrameOffset)
if err != nil {
return nil, nil, fmt.Errorf("failed to read footer: %w", err)
Expand All @@ -377,6 +387,10 @@ func (s *ReaderImpl) indexFooter() (*btree.BTree, *FrameOffsetEntry, error) {
expectedFrameSize, frameSize)
}

if frameSize > maxDecoderFrameSize {
return nil, nil, fmt.Errorf("frame is too big: %d > %d", frameSize, maxDecoderFrameSize)
}

return s.indexSeekTableEntries(buf[8:len(buf)-seekTableFooterOffset], uint64(seekTableEntrySize))
}

Expand Down
3 changes: 3 additions & 0 deletions seekable.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,9 @@ const (
frameSizeFieldSize = 4
skippableMagicNumberFieldSize = 4

// maxFrameSize is the maximum framesize supported by decoder. This is to prevent OOMs due to untrusted input.
maxDecoderFrameSize = 128 << 20

seekableTag = 0xE
)

Expand Down

0 comments on commit f4b45ab

Please sign in to comment.