Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(distributor): validate string table accesses #3819

Merged
merged 1 commit into from
Jan 6, 2025
Merged

fix(distributor): validate string table accesses #3819

merged 1 commit into from
Jan 6, 2025

Conversation

korniltsev
Copy link
Collaborator

backport #3818 to f/97

@korniltsev korniltsev requested a review from a team as a code owner January 6, 2025 09:15
@korniltsev korniltsev added the type/bug Something isn't working label Jan 6, 2025
kolesnikovae
kolesnikovae reviewed Jan 6, 2025
View reviewed changes
pkg/validation/validate.go

if err := validateStringTableAccess(prof); err != nil {
return err
}
for _, valueType := range prof.SampleType {
stt := prof.StringTable[valueType.Type]
Copy link
Collaborator

@kolesnikovae kolesnikovae Jan 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is the only access we need to fix. We duplicate checks done later in pprof validation – it's fine if we merge this, but let's try to avoid duplication. I'm wondering if the sample type check (loc and func ID checks as well) should be performed here, and not in the pprof validation (along with many other checks)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to remove the dupliacate checks, but I am not sure where they are. If I remove the new validations, all new tests fail. Either return 200 when they should not or panic (sample type / sample label string index oob)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's merge it as is and sort it out later

@simonswine
Copy link
Contributor

We should also make sure we have this fix in f100, which should be cut today

@korniltsev korniltsev force-pushed the korniltsev/distributor_string_oob_fix_backport branch from 1f67537 to b386df3 Compare January 6, 2025 09:22
@korniltsev korniltsev force-pushed the korniltsev/distributor_string_oob_fix_backport branch from b386df3 to 4e6d217 Compare January 6, 2025 09:38
@korniltsev korniltsev merged commit 81a349e into weekly/f97 Jan 6, 2025
18 checks passed
@korniltsev korniltsev deleted the korniltsev/distributor_string_oob_fix_backport branch January 6, 2025 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kolesnikovae kolesnikovae kolesnikovae approved these changes

Assignees
No one assigned
Labels
type/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@korniltsev @simonswine @kolesnikovae