common/allocators/zstd.c: Handle zeroing unallocated space

rwmjones · rwmjones · commit 04ea2a72d976 · 2021-08-16T14:25:19.000+01:00
The zstd allocator crashed when asked to either fill or zero space that had previously been unallocated. This adds a check for this case. $ rpm -q nbdkit nbdkit-1.27.4-1.fc35.x86_64 $ nbdkit data "0*10" allocator=zstd -fv nbdkit: debug: nbdkit 1.27.4 (nbdkit-1.27.4-1.fc35) nbdkit: debug: TLS disabled: could not load TLS certificates nbdkit: debug: registering plugin /usr/lib64/nbdkit/plugins/nbdkit-data-plugin.so nbdkit: debug: registered plugin /usr/lib64/nbdkit/plugins/nbdkit-data-plugin.so (name data) nbdkit: debug: data: load nbdkit: debug: data: config key=data, value=0*10 nbdkit: debug: data: config key=allocator, value=zstd nbdkit: debug: data: config_complete nbdkit: debug: using thread model: parallel nbdkit: debug: data: get_ready nbdkit: debug: allocator: zstd Segmentation fault (core dumped) (gdb) bt #0 0x00007ff61d67284e in zstd_array_zero (a=0x557b37763b50, count=10, offset=0) at ../../common/allocators/zstd.c:484 #1 0x00007ff61d672aab in zstd_array_fill (a=0x557b37763b50, c=<optimized out>, count=10, offset=0) at ../../common/allocators/zstd.c:432 #2 0x00007ff61d6703c2 in evaluate (dict=0x0, root=<optimized out>, a=0x557b37763b50, offset=0x7fff9a6b5330, size=0x7fff9a6b5310) at /usr/src/debug/nbdkit-1.27.4-1.fc35.x86_64/plugins/data/format.c:1346 #3 0x00007ff61d670663 in read_data_format (size_rtn=0x7fff9a6b5310, a=0x557b37763b50, value=<optimized out>) at /usr/src/debug/nbdkit-1.27.4-1.fc35.x86_64/plugins/data/format.c:314 #4 data_get_ready () at /usr/src/debug/nbdkit-1.27.4-1.fc35.x86_64/plugins/data/data.c:214 #5 0x0000557b2e5a005f in plugin_get_ready (b=0x557b37763870) at /usr/src/debug/nbdkit-1.27.4-1.fc35.x86_64/server/plugins.c:259 #6 0x0000557b2e59a073 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/nbdkit-1.27.4-1.fc35.x86_64/server/main.c:731 (cherry picked from commit 712fd7b)
diff --git a/common/allocators/zstd.c b/common/allocators/zstd.c
@@ -466,7 +466,7 @@ zstd_array_zero (struct allocator *a, uint64_t count, uint64_t offset)
   CLEANUP_FREE void *tbuf = NULL;
   uint64_t n;
   void *p;
-  struct l2_entry *l2_entry;
+  struct l2_entry *l2_entry = NULL;
 
   tbuf = malloc (PAGE_SIZE);
   if (tbuf == NULL) {
@@ -481,7 +481,7 @@ zstd_array_zero (struct allocator *a, uint64_t count, uint64_t offset)
       n = count;
     memset (p, 0, n);
 
-    if (l2_entry->page) {
+    if (l2_entry && l2_entry->page) {
       /* If the whole page is now zero, free it. */
       if (n >= PAGE_SIZE || is_zero (l2_entry->page, PAGE_SIZE)) {
         if (za->a.debug)
diff --git a/tests/test-data-format.sh b/tests/test-data-format.sh
@@ -154,6 +154,9 @@ do_test '
 \a*2[:0] \a[:0]*2
 ' 'b""'
 
+# In nbdkit <= 1.27.5 this caused allocator=zstd to crash.
+do_test '0*10' 'bytearray(10)'
+
 #----------------------------------------------------------------------
 # Test various optimizations preserve the meaning.
 
