holiman / billy

Very simple datastore
BSD 3-Clause "New" or "Revised" License

Flaw found by fuzzer #5

Closed holiman closed 1 year ago

holiman commented 1 year ago
[user@work billy]$ go run ./cmd/billyfuzz/ 
Opened ./
1 ops, 1 keys active
Reopening db, ops 1728, keys 844
Opened ./
Reopening db, ops 2612, keys 1001
Opened ./
2613 ops, 1002 keys active
panic: bad index: shelf 32768, slot 10, tail 0

goroutine 1 [running]:
main.doFuzz(0xc0000028c0?)
        /home/user/go/src/github.com/holiman/billy/cmd/billyfuzz/main.go:143 +0xe1b
github.com/urfave/cli/v2.(*Command).Run(0xc0000028c0, 0xc00002e380, {0xc000014240, 0x1, 0x1})
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/command.go:271 +0xa42
github.com/urfave/cli/v2.(*App).RunContext(0xc00017c000, {0x5ed3c0?, 0xc000018110}, {0xc000014240, 0x1, 0x1})
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/app.go:333 +0x665
github.com/urfave/cli/v2.(*App).Run(...)
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/app.go:310
main.main()
        /home/user/go/src/github.com/holiman/billy/cmd/billyfuzz/main.go:50 +0x1c5
exit status 2

and

[user@work billy]$ rm *.bag; go run ./cmd/billyfuzz/ 
Opened ./
1 ops, 1 keys active
Reopening db, ops 1399, keys 684
Opened ./
Reopening db, ops 2377, keys 1005
Opened ./
2378 ops, 1005 keys active
panic: bad index: EOF

goroutine 1 [running]:
main.doFuzz(0xc0000d0780?)
        /home/user/go/src/github.com/holiman/billy/cmd/billyfuzz/main.go:128 +0xf9b
github.com/urfave/cli/v2.(*Command).Run(0xc0000d0780, 0xc0000b4340, {0xc00009e200, 0x1, 0x1})
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/command.go:271 +0xa42
github.com/urfave/cli/v2.(*App).RunContext(0xc00012e000, {0x5ed3c0?, 0xc0000ba000}, {0xc00009e200, 0x1, 0x1})
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/app.go:333 +0x665
github.com/urfave/cli/v2.(*App).Run(...)
        /home/user/go/pkg/mod/github.com/urfave/cli/v2@v2.24.1/app.go:310
main.main()
        /home/user/go/src/github.com/holiman/billy/cmd/billyfuzz/main.go:50 +0x1c5

Most likely somewhere in the algo for compaction. Should be possible to repro on a single shelf, and iteratively narrow down on. Might be a good idea to use the billy.Database interface to add an (optional) logging interface, to make a repro.
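
One way to build the logging layer suggested in the comment above, so that a failing fuzz run becomes a replayable operation log. This is an added example, not code from billy: `Store`, `Op`, `Logged` and `Replay` are hypothetical names, and the three-method interface is an assumption rather than billy's actual `Database` definition.

```go
package main

// Store is a hypothetical interface for this example, not billy's actual API.
type Store interface {
	Put(data []byte) (uint64, error)
	Get(key uint64) ([]byte, error)
	Delete(key uint64) error
}

// Op is one call ('p' put, 'g' get, 'd' delete) and the result it produced.
type Op struct {
	Kind byte
	Key  uint64
	Data []byte
	Err  error
}

// Logged wraps a Store and records every call so a failing run can be replayed.
type Logged struct {
	S   Store
	Ops []Op
}

// run performs op on the wrapped store and appends it, with its result, to Ops.
func (l *Logged) run(op Op) Op {
	switch op.Kind {
	case 'p':
		op.Key, op.Err = l.S.Put(op.Data)
	case 'g':
		op.Data, op.Err = l.S.Get(op.Key)
	case 'd':
		op.Err = l.S.Delete(op.Key)
	}
	l.Ops = append(l.Ops, Op{op.Kind, op.Key, append([]byte(nil), op.Data...), op.Err}) // private copy of Data
	return op
}
func (l *Logged) Put(d []byte) (uint64, error) { o := l.run(Op{Kind: 'p', Data: d}); return o.Key, o.Err }
func (l *Logged) Get(k uint64) ([]byte, error) { o := l.run(Op{Kind: 'g', Key: k}); return o.Data, o.Err }
func (l *Logged) Delete(k uint64) error        { return l.run(Op{Kind: 'd', Key: k}).Err }

// Replay reruns ops on l's store and returns the index of the first op whose result differs, or -1.
func (l *Logged) Replay(ops []Op) int {
	for i, w := range ops {
		g := l.run(Op{Kind: w.Kind, Key: w.Key, Data: w.Data})
		if g.Key != w.Key || string(g.Data) != string(w.Data) || (g.Err == nil) != (w.Err == nil) {
			return i
		}
	}
	return -1
}
```

Recording against a trusted reference store and replaying against the store under test gives the index of the first diverging operation; truncating the log at that index is a first step toward narrowing the reproducer.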