On 11/15/20 3:52 PM, Renat Nurgaliyev wrote: > In modern systems, size_t is 64 bits. There is a 32 bit overflow check > in sha1_update(), which will not work correctly, because compiler will > do an automatic cast to 64 bits, since size_t type variable is in the > expression. We do want however to lose data, since this is the whole > idea of this overflow check. > > Because of this, computation of SHA-1 checksum will always be incorrect > for any data, that is bigger than 512 megabytes, which in bits is the > boundary of 32 bits integer. > > In practice it means that any OVSDB transaction, bigger or equal to 512 > megabytes, is considered corrupt and ovsdb-server will refuse to work > with the database file. This is especially critical for OVN southbound > database, since it tends to grow rapidly. > > Signed-off-by: Renat Nurgaliyev <imple...@gmail.com> > --- > v2: > replace size_t with uint32_t where necessary instead of explicit cast > ---
Thanks! Applied to master and backported all the way down to 2.5. I also crafted a unit test for this issue. Patch available here: https://patchwork.ozlabs.org/project/openvswitch/patch/20201116190822.1199992-1-i.maxim...@ovn.org/ Best regards, Ilya Maximets. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
