fbnzk / leveldb

Automatically exported from code.google.com/p/leveldb
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

Invalid options range calcultion function #213

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Open db providing write_buffer_size above 1G (with x64 platform)

What is the expected output? What do you see instead?

Buffer size is expected to set to the specified value, as no restrictions 
described in the options.h. Instead, buffer size will be set to the minimum 
value of 64M (not even max, as possibly writer assumed when providing 
SantizeOptions function implementation.

The core of the problem is that 

ClipToRange 

template function when called as

ClipToRange(var_size_t, 64<<10, 1<<30);

will deduce template parameters as V = int, 

so static_cast<int>(*var_size_t_ptr) will result in possible numeric overflow 
when var_size_t is greater than max_int. As a result

static_cast<V>(*ptr) > maxvalue will fail on common architectures and 
static_cast<V>(*ptr) < minvalue will succeed that is opposite to the actual 
situation.

Original issue reported on code.google.com by sido...@satissoft.ru on 5 Nov 2013 at 12:27