backport fix use of uninitialized value in LRUHandle

category: bugfix bugzilla: https://gitee.com/src-openeuler/leveldb/issues/I7JJ01?from=project-issue commit 1c75e88055e06da2939f9f4bd294625b76792815 CVE: NA Signed-off-by: Guangzhong Yao yaoguangzhong@xfusion.com
2023-07-07 18:04:49 +08:00 · 2023-07-07 18:04:49 +08:00 · 6491e6b623
commit 6491e6b623
parent 5aad21e5d4
2 changed files with 70 additions and 1 deletions
--- a/0007-Fix-use-of-uninitialized-value-in-LRUHandle.patch
+++ b/0007-Fix-use-of-uninitialized-value-in-LRUHandle.patch
@ -0,0 +1,65 @@
 From 1c75e88055e06da2939f9f4bd294625b76792815 Mon Sep 17 00:00:00 2001
 From: cmumford <cmumford@google.com>
 Date: Mon, 2 Oct 2017 13:57:41 -0700
 Subject: [PATCH] Fix use of uninitialized value in LRUHandle.
 If leveldb::Options::block_cache is set to a cache of zero capacity
 then it is possible for LRUHandle::next to be used without having been
 set.
 Conditional jump or move depends on uninitialised value(s):
  leveldb::(anonymous namespace)::LRUHandle::key() const (cache.cc:58)
  leveldb::(anonymous namespace)::LRUCache::Unref(leveldb::(anonymous namespace)::LRUHandle*) (cache.cc:234)
  leveldb::(anonymous namespace)::LRUCache::Release(leveldb::Cache::Handle*) (cache.cc:266)
  leveldb::(anonymous namespace)::ShardedLRUCache::Release(leveldb::Cache::Handle*) (cache.cc:375)
  leveldb::CacheTest::Insert(int, int, int) (cache_test.cc:59)
 This bug forced a commit reversion in Chromium. For more information see
 https://bugs.chromium.org/p/chromium/issues/detail?id=761398#c4
 -------------
 Created by MOE: https://github.com/google/moe
 MOE_MIGRATED_REVID=170749054
 ---
 util/cache.cc      | 5 ++++-
 util/cache_test.cc | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 diff --git a/util/cache.cc b/util/cache.cc
 index ce46886..97b82ea 100644
 --- a/util/cache.cc
 +++ b/util/cache.cc
@@ -288,7 +288,10 @@ Cache::Handle* LRUCache::Insert(
     LRU_Append(&in_use_, e);
     usage_ += charge;
     FinishErase(table_.Insert(e));
 -  } // else don't cache.  (Tests use capacity_==0 to turn off caching.)
 +  } else {
 +    // don't cache.  (It is valid to set capacity_==0 to turn off caching.)
 +    e->next = NULL;
 +  }
   while (usage_ > capacity_ && lru_.next != &lru_) {
     LRUHandle* old = lru_.next;
 diff --git a/util/cache_test.cc b/util/cache_test.cc
 index 468f7a6..246ab8e 100644
 --- a/util/cache_test.cc
 +++ b/util/cache_test.cc
@@ -219,6 +219,14 @@ TEST(CacheTest, Prune) {
   ASSERT_EQ(-1, Lookup(2));
 }
 +TEST(CacheTest, ZeroSizeCache) {
 +  delete cache_;
 +  cache_ = NewLRUCache(0);
 +
 +  Insert(1, 100);
 +  ASSERT_EQ(-1, Lookup(1));
 +}
 +
 }  // namespace leveldb
 int main(int argc, char** argv) {
 -- 
 2.40.0.windows.1
--- a/leveldb.spec
+++ b/leveldb.spec
@ -1,6 +1,6 @@
 Name:           leveldb
 Version:        1.20
-Release:        6
+Release:        7
 Summary:        A key/value database library
 License:        BSD
 URL:            https://github.com/google/leveldb
@ -12,6 +12,7 @@ Patch0003:      0003-allow-Get-calls-to-avoid-copies-into-std-string.patch
 Patch0004:      0004-bloom_test-failure-on-big-endian-archs.patch
 Patch0005:      0005-broken-db-fix-assertion-in-leveldb-InternalKey-Encod.patch
 Patch0006:      0006-leveldb-Fix-alignment-code-in-SSE4.2-optimized-CRC32.patch
 Patch0007:      0007-Fix-use-of-uninitialized-value-in-LRUHandle.patch
 BuildRequires:  make gcc-c++ snappy-devel
@ -73,6 +74,9 @@ make -j1 check
 %{_libdir}/pkgconfig/leveldb.pc
 %changelog
 * Fri Jul 7 2023 yaoguangzhong <yaoguangzhong@xfusion.com> -  1.20-7
 - fix use of uninitialized value in LRUHandle
 * Tue Apr 25 2023 yaoguangzhong <yaoguangzhong@xfusion.com> -  1.20-6
 - fix alignment code in SSE4.2-optimized CRC32C