Posted to dev@lucy.apache.org by "Marvin Humphrey (JIRA)" <ji...@apache.org> on 2010/02/20 01:04:27 UTC

[jira] Updated: (LUCY-101) Tighten bounds checking within InStream

     [ https://issues.apache.org/jira/browse/LUCY-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marvin Humphrey updated LUCY-101:
---------------------------------

    Attachment: instream_bounds_checking.diff

Bug #1 is that Reopen() has been blindly assigning offset and length,
potentially resulting in an InStream which would attempt to read outside of
mapped memory without complaint.  The fix is to have Reopen() throw an
exception rather than allow invalid bounds.

Bug #2 lies within one branch of the static inline function SI_read_bytes().
Small read requests would result in the refill of a small number of bytes, but
there was no check in place to ensure that the refill was sufficient for the
request, so memcpy() could overrun without complaint.  The fix -- check to
ensure that the refill provides enough bytes -- adds a small amount of
overhead to this performance-critical code, but only on a branch that doesn't
get invoked very often.

The third change is to forbid Seek() to file positions greater than the
InStream's length.  Theoretically this change is unnecessary, because an
InStream located to an invalid file position will fail on the next read.
(Though in fact bug #2 prevented that from happening while I was figuring all
this out.)  It is also different from the interface provided by functions such
as fseek() and lseek().  However, unlike POSIX file descriptors or FILE*
streams, InStreams are always read-only, and there is no valid reason to seek
outside of file bounds.  By changing Seek() to throw an exception rather than
allow an invalid location, we learn about problems as soon as they occur
rather than after an indeterminate delay.

> Tighten bounds checking within InStream
> ---------------------------------------
>
>                 Key: LUCY-101
>                 URL: https://issues.apache.org/jira/browse/LUCY-101
>             Project: Lucy
>          Issue Type: Bug
>          Components: Core - Store
>            Reporter: Marvin Humphrey
>            Assignee: Marvin Humphrey
>            Priority: Minor
>         Attachments: instream_bounds_checking.diff
>
>
> There are presently three places within InStream where tighter bounds checking
> would be beneficial.  Two are clearly bugs, while the third is an API design
> call.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
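
The three checks described in the comment above, as an added example that is not
part of the original message and is not Lucy's InStream code. It is a simplified
model: the Stream struct, the function names, the WINDOW size and the SAMPLE bytes
are all assumptions made for illustration, and error returns stand in for exceptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WINDOW 8  /* hypothetical refill size, small so the refill branch is easy to hit */

/* Constructed sample "file"; stands in for the mapped region. */
static const uint8_t SAMPLE[] = "0123456789ABCDEF";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

typedef struct {
    const uint8_t *file;  /* backing bytes */
    size_t file_len;
    size_t offset, len;   /* slice of the file this stream may read */
    size_t pos;           /* read position within the slice */
    size_t avail;         /* bytes left in the current window */
} Stream;

/* Bug #1 fix: refuse a slice that does not fit inside the file.
 * Written as a subtraction so offset + len cannot wrap around. */
int stream_reopen(Stream *s, const uint8_t *file, size_t file_len,
                  size_t offset, size_t len) {
    if (offset > file_len || len > file_len - offset) return -1;
    s->file = file; s->file_len = file_len;
    s->offset = offset; s->len = len;
    s->pos = 0; s->avail = 0;
    return 0;
}

/* Third change: a seek past the slice fails here, not on a later read. */
int stream_seek(Stream *s, size_t target) {
    if (target > s->len) return -1;
    s->pos = target;
    s->avail = 0;  /* force a refill on the next read */
    return 0;
}

/* Bug #2 fix, small-request branch only (this model has no large-read path). */
int stream_read(Stream *s, uint8_t *dst, size_t want) {
    if (want > s->avail) {
        size_t remaining = s->len - s->pos;
        s->avail = remaining < WINDOW ? remaining : WINDOW;  /* refill */
        if (want > s->avail) return -1;  /* refill was not enough: no memcpy */
    }
    memcpy(dst, s->file + s->offset + s->pos, want);
    s->pos += want;
    s->avail -= want;
    return 0;
}
```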