From ff512b0c93c4495f5c17b14264c47031460124c5 Mon Sep 17 00:00:00 2001 From: Jingyu Zhou Date: Mon, 16 Sep 2019 15:56:23 -0700 Subject: [PATCH] Fix memory corruption due to invalid Arena For an ILogPeekCursor, the arena becomes invalid if hasMessage() is false. So the backup worker needs to keep a reference to the arena so that the message refers to memory area that is still valid. --- fdbserver/Backup.actor.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fdbserver/Backup.actor.cpp b/fdbserver/Backup.actor.cpp index d6f32235fb..7951fa2047 100644 --- a/fdbserver/Backup.actor.cpp +++ b/fdbserver/Backup.actor.cpp @@ -32,9 +32,11 @@ struct VersionedMessage { LogMessageVersion version; StringRef message; - std::vector tags; // TODO: remove this. + std::vector tags; + Arena arena; // Keep a reference to the memory containing the message - VersionedMessage(LogMessageVersion v, StringRef m) : version(v), message(m) {} + VersionedMessage(LogMessageVersion v, StringRef m, const std::vector& t, const Arena& a) + : version(v), message(m), tags(t), arena(a) {} const Version getVersion() const { return version.version; } const uint32_t getSubVersion() const { return version.sub; } }; @@ -121,6 +123,8 @@ bool isBackupMessage(const VersionedMessage& msg) { return false; // skip Txs mutations } } + // check for metadataVersionKey and special metadata mutations + // MutationRef m = BinaryReader::fromStringRef(message, AssumeVersion(currentProtocolVersion)); // std::cout << m.toString() << std::endl; // std::cout << msg.message.printable() << std::endl; @@ -231,8 +235,7 @@ ACTOR Future pullAsyncData(BackupData* self) { // Note we aggressively peek (uncommitted) messages, but only committed // messages/mutations will be flushed to disk/blob in uploadData(). while (r->hasMessage()) { - self->messages.emplace_back(r->version(), r->getMessageWithTags()); - self->messages.back().tags = r->getTags(); + self->messages.emplace_back(r->version(), r->getMessageWithTags(), r->getTags(), r->arena()); r->nextMessage(); }