Fix several crashes in repair from corrupted pages #888
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
During repair, it's normal to encounter a partially-written tree, which can contain arbitrary invalid data. We can't crash when that happens; we need to gracefully fail so the repair can try the other commit slot instead. This first batch of fixes only covers the crashes most likely to occur in practice: the ones that can happen on a 64-bit machine, without malicious input.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
During repair, it's normal to encounter a partially-written tree, which can contain arbitrary invalid data. We can't crash when that happens; we need to gracefully fail so the repair can try the other commit slot instead.
This first batch of fixes only covers the crashes most likely to occur in practice: the ones that can happen on a 64-bit machine, without malicious input. There are several more arithmetic overflows that can only happen on 32-bit machines, which are simple to fix but I haven't done yet (I can probably look at these after #878). There are also a number of trickier crashes that can only happen when there's corrupt data with a valid checksum, which is unlikely to happen accidentally but definitely possible with malicious input. #878 will greatly improve the situation there.
If it's useful, I have .redb files which will reproduce most of these crashes; if you'd like them, just let me know.