From f63b88e96674ea8f99e1008d28224ea21a415f3a Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Tue, 6 Aug 2024 14:32:51 +0200 Subject: validate cbobject before iterating for attachments to avoid crash on malformed data (#101) --- src/zenstore/cache/cachedisklayer.cpp | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'src/zenstore/cache/cachedisklayer.cpp') diff --git a/src/zenstore/cache/cachedisklayer.cpp b/src/zenstore/cache/cachedisklayer.cpp index f865e1c3c..159f54422 100644 --- a/src/zenstore/cache/cachedisklayer.cpp +++ b/src/zenstore/cache/cachedisklayer.cpp @@ -3386,9 +3386,12 @@ ZenCacheDiskLayer::CacheBucket::RemoveExpiredData(GcCtx& Ctx, GcStats& Stats) bool ZenCacheDiskLayer::CacheBucket::GetReferencesLocked(GcCtx& Ctx, std::vector& OutReferences) { - auto GetAttachments = [&](const void* CbObjectData) { - CbObjectView Obj(CbObjectData); - Obj.IterateAttachments([&](CbFieldView Field) { OutReferences.emplace_back(Field.AsAttachment()); }); + auto GetAttachments = [&](MemoryView Data) { + if (ValidateCompactBinary(Data, CbValidateMode::Default) == CbValidateError::None) + { + CbObjectView Obj(Data.GetData()); + Obj.IterateAttachments([&](CbFieldView Field) { OutReferences.emplace_back(Field.AsAttachment()); }); + } }; std::vector> StandaloneKeys; @@ -3446,13 +3449,13 @@ ZenCacheDiskLayer::CacheBucket::GetReferencesLocked(GcCtx& Ctx, std::vector