memory corruption bug with ReadableByteChannel RLP streaming #78
esaulpaugh
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
In some situations it's possible that, when using an
Iterator<RLPItem>created from aReadableByteChannel, a buffer reuse problem can cause the data definingRLPItems from earlier in the stream to be overwritten with arbitrary data from later in the stream.This can happen if a buffer used inside the iterator (default size: 8192 bytes) becomes full and gets rewound back to index 0 to accept additional input.
Fix: 5acdcb8
The fix is for the iterator implementation to never reuse any of the buffers, any of which can escape the iterator.
Recommended temporary workarounds:
Never iterate over a ReadableByteChannel which may serve more data than the initial buffer can hold.
or
Do not hold a reference to an RLPItem from the iterator past the next call to
Iterator#hasNextor#next. The easiest way to ensure this is to replace all calls tonext()on these iterators withnext().duplicate(), which will create an independent copy of the item.Beta Was this translation helpful? Give feedback.
All reactions