Commit bef95d2
src: fix slice of slice of file-backed Blob
The value for `new_end` was wrong: While the members `start_` and `end_`
refer to the entire length of the file, the parameters `start` and `end`
are relative to the current slice.
The new end would apparently have the current start_ subtracted from it,
and the length would possibly overflow when the FdEntry is asked for its
size or when get_reader is called, resulting in a subslice which extends
past the current slice, which shouldn't be possible. Add a CHECK if this
happens, rather than returning data outside the current slice.
There aren't any C++ tests for FdEntry, and on the javascript side there
isn't a way to ask the blob handle for its nominal size. That size could
be a large uint64, which gets converted to int64 to when FileHandle::new
is called, which interprets a negative length as unlimited.
Fixes: #53908
PR-URL: #53972
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: James M Snell <[email protected]>1 parent 4fb7801 commit bef95d2
File tree
2 files changed
+14
-2
lines changed- src/dataqueue
- test/parallel
2 files changed
+14
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
806 | 806 | | |
807 | 807 | | |
808 | 808 | | |
809 | | - | |
| 809 | + | |
| 810 | + | |
| 811 | + | |
810 | 812 | | |
811 | 813 | | |
812 | 814 | | |
| |||
817 | 819 | | |
818 | 820 | | |
819 | 821 | | |
820 | | - | |
| 822 | + | |
821 | 823 | | |
822 | 824 | | |
823 | 825 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
86 | 86 | | |
87 | 87 | | |
88 | 88 | | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
89 | 99 | | |
90 | 100 | | |
91 | 101 | | |
| |||
0 commit comments