From bdc109bdc7dcb4ec98de9605c24fbd9afef5f3bc Mon Sep 17 00:00:00 2001 From: sasha-s Date: Thu, 26 Mar 2015 16:47:24 -0700 Subject: [PATCH 1/2] fix `slice bounds out of range`/maxAllocSize bugs when accessing the node data we used to use cast to *[maxAllocSize]byte, which breaks if we try to go across maxAllocSize boundary. This leads to occasional panics. Sample stacktrace: ``` panic: runtime error: slice bounds out of range goroutine 1 [running]: github.com/boltdb/bolt.(*node).write(0xc208010f50, 0xc27452a000) $GOPATH/src/github.com/boltdb/bolt/node.go:228 +0x5a5 github.com/boltdb/bolt.(*node).spill(0xc208010f50, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/node.go:364 +0x506 github.com/boltdb/bolt.(*node).spill(0xc208010700, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/node.go:336 +0x12d github.com/boltdb/bolt.(*node).spill(0xc208010620, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/node.go:336 +0x12d github.com/boltdb/bolt.(*Bucket).spill(0xc22b6ae880, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/bucket.go:535 +0x1c4 github.com/boltdb/bolt.(*Bucket).spill(0xc22b6ae840, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/bucket.go:502 +0xac2 github.com/boltdb/bolt.(*Bucket).spill(0xc22f4e2018, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/bucket.go:502 +0xac2 github.com/boltdb/bolt.(*Tx).Commit(0xc22f4e2000, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/tx.go:150 +0x1ee github.com/boltdb/bolt.(*DB).Update(0xc2080e4000, 0xc24d077508, 0x0, 0x0) $GOPATH/src/github.com/boltdb/bolt/db.go:483 +0x169 ``` It usually happens when working with large (50M/100M) values. One way to reproduce it is to change maxAllocSize in bolt_amd64.go to 70000 and run the tests. TestBucket_Put_Large crashes. --- bolt_amd64.go | 4 ++++ node.go | 12 +++++++++--- page.go | 6 +++--- tx.go | 24 ++++++++++++++++++------ 4 files changed, 34 insertions(+), 12 deletions(-) diff --git a/bolt_amd64.go b/bolt_amd64.go index cca6b7e..83f935f 100644 --- a/bolt_amd64.go +++ b/bolt_amd64.go @@ -5,3 +5,7 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB // maxAllocSize is the size used when creating array pointers. const maxAllocSize = 0x7FFFFFFF + +// Setting +// const maxAllocSize = 70000 +// reveals the index out of bound bug(s) diff --git a/node.go b/node.go index 05aefb8..4276e4a 100644 --- a/node.go +++ b/node.go @@ -220,12 +220,16 @@ func (n *node) write(p *page) { elem.pgid = item.pgid _assert(elem.pgid != p.id, "write: circular dependency occurred") } + lk, lv := len(item.key), len(item.value) + if len(b) < lk+lv { + b = (*[maxAllocSize]byte)(unsafe.Pointer(&b[0]))[:] + } // Write data for the element to the end of the page. copy(b[0:], item.key) - b = b[len(item.key):] + b = b[lk:] copy(b[0:], item.value) - b = b[len(item.value):] + b = b[lv:] } // DEBUG ONLY: n.dump() @@ -351,7 +355,9 @@ func (n *node) spill() error { } // Allocate contiguous space for the node. - p, err := tx.allocate((node.size() / tx.db.pageSize) + 1) + // sz := node.size() + n.pageElementSize()*len(n.inodes) + sz := node.size() + p, err := tx.allocate((sz / tx.db.pageSize) + 1) if err != nil { return err } diff --git a/page.go b/page.go index 58e43c4..bc0d333 100644 --- a/page.go +++ b/page.go @@ -96,7 +96,7 @@ type branchPageElement struct { // key returns a byte slice of the node key. func (n *branchPageElement) key() []byte { buf := (*[maxAllocSize]byte)(unsafe.Pointer(n)) - return buf[n.pos : n.pos+n.ksize] + return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos]))[:n.ksize] } // leafPageElement represents a node on a leaf page. @@ -110,13 +110,13 @@ type leafPageElement struct { // key returns a byte slice of the node key. func (n *leafPageElement) key() []byte { buf := (*[maxAllocSize]byte)(unsafe.Pointer(n)) - return buf[n.pos : n.pos+n.ksize] + return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos]))[:n.ksize] } // value returns a byte slice of the node value. func (n *leafPageElement) value() []byte { buf := (*[maxAllocSize]byte)(unsafe.Pointer(n)) - return buf[n.pos+n.ksize : n.pos+n.ksize+n.vsize] + return (*[maxAllocSize]byte)(unsafe.Pointer(&buf[n.pos+n.ksize]))[:n.vsize] } // PageInfo represents human readable information about a page. diff --git a/tx.go b/tx.go index fda6a21..9ffceaf 100644 --- a/tx.go +++ b/tx.go @@ -421,14 +421,26 @@ func (tx *Tx) write() error { // Write pages to disk in order. for _, p := range pages { size := (int(p.overflow) + 1) * tx.db.pageSize - buf := (*[maxAllocSize]byte)(unsafe.Pointer(p))[:size] offset := int64(p.id) * int64(tx.db.pageSize) - if _, err := tx.db.ops.writeAt(buf, offset); err != nil { - return err + ptr := (*[maxAllocSize]byte)(unsafe.Pointer(p)) + for { + sz := size + if sz > maxAllocSize-1 { + sz = maxAllocSize - 1 + } + buf := ptr[:sz] + if _, err := tx.db.ops.writeAt(buf, offset); err != nil { + return err + } + // Update statistics. + tx.stats.Write++ + size -= sz + if size == 0 { + break + } + offset += int64(sz) + ptr = (*[maxAllocSize]byte)(unsafe.Pointer(&ptr[sz])) } - - // Update statistics. - tx.stats.Write++ } if !tx.db.NoSync || IgnoreNoSync { if err := fdatasync(tx.db); err != nil { From bf5458de2f302248c02015a7439104baa9b0b103 Mon Sep 17 00:00:00 2001 From: Ben Johnson Date: Mon, 18 May 2015 10:14:47 -0600 Subject: [PATCH 2/2] Add inline documentation for bdc109b. This commit simply adds some additional comments to the commit provided by sasha-s that fixes the "slice out of bounds" errors. --- bolt_amd64.go | 4 ---- node.go | 17 ++++++++++------- tx.go | 12 ++++++++++++ 3 files changed, 22 insertions(+), 11 deletions(-) diff --git a/bolt_amd64.go b/bolt_amd64.go index 83f935f..cca6b7e 100644 --- a/bolt_amd64.go +++ b/bolt_amd64.go @@ -5,7 +5,3 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256TB // maxAllocSize is the size used when creating array pointers. const maxAllocSize = 0x7FFFFFFF - -// Setting -// const maxAllocSize = 70000 -// reveals the index out of bound bug(s) diff --git a/node.go b/node.go index 4276e4a..c9fb21c 100644 --- a/node.go +++ b/node.go @@ -220,16 +220,21 @@ func (n *node) write(p *page) { elem.pgid = item.pgid _assert(elem.pgid != p.id, "write: circular dependency occurred") } - lk, lv := len(item.key), len(item.value) - if len(b) < lk+lv { + + // If the length of key+value is larger than the max allocation size + // then we need to reallocate the byte array pointer. + // + // See: https://github.com/boltdb/bolt/pull/335 + klen, vlen := len(item.key), len(item.value) + if len(b) < klen+vlen { b = (*[maxAllocSize]byte)(unsafe.Pointer(&b[0]))[:] } // Write data for the element to the end of the page. copy(b[0:], item.key) - b = b[lk:] + b = b[klen:] copy(b[0:], item.value) - b = b[lv:] + b = b[vlen:] } // DEBUG ONLY: n.dump() @@ -355,9 +360,7 @@ func (n *node) spill() error { } // Allocate contiguous space for the node. - // sz := node.size() + n.pageElementSize()*len(n.inodes) - sz := node.size() - p, err := tx.allocate((sz / tx.db.pageSize) + 1) + p, err := tx.allocate((node.size() / tx.db.pageSize) + 1) if err != nil { return err } diff --git a/tx.go b/tx.go index 9ffceaf..3fef4b4 100644 --- a/tx.go +++ b/tx.go @@ -422,26 +422,38 @@ func (tx *Tx) write() error { for _, p := range pages { size := (int(p.overflow) + 1) * tx.db.pageSize offset := int64(p.id) * int64(tx.db.pageSize) + + // Write out page in "max allocation" sized chunks. ptr := (*[maxAllocSize]byte)(unsafe.Pointer(p)) for { + // Limit our write to our max allocation size. sz := size if sz > maxAllocSize-1 { sz = maxAllocSize - 1 } + + // Write chunk to disk. buf := ptr[:sz] if _, err := tx.db.ops.writeAt(buf, offset); err != nil { return err } + // Update statistics. tx.stats.Write++ + + // Exit inner for loop if we've written all the chunks. size -= sz if size == 0 { break } + + // Otherwise move offset forward and move pointer to next chunk. offset += int64(sz) ptr = (*[maxAllocSize]byte)(unsafe.Pointer(&ptr[sz])) } } + + // Ignore file sync if flag is set on DB. if !tx.db.NoSync || IgnoreNoSync { if err := fdatasync(tx.db); err != nil { return err