Bloom filter reader: prevent potential division by zero

It's currently possible to call NewBloomFilterReader() with zero-sized bloom filters. This is bad, because those will cause divisions by zero when we attempt to perform lookups. Let's simply reject all Bloom filters where sizeBits % 8 == 0. BloomFilterComputingUnreadDirectoryMonitor wouldn't emit those anyway, because it tries to make them prime sized.
buildbarn · Jun 14, 2024 · 88aba65 · 88aba65
1 parent d42ff45
commit 88aba65
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/pkg/filesystem/access/bloom_filter_reader.go b/pkg/filesystem/access/bloom_filter_reader.go
@@ -25,7 +25,7 @@ func NewBloomFilterReader(bloomFilter []byte, hashFunctions uint32) (*BloomFilte
 		return nil, status.Error(codes.InvalidArgument, "Bloom filter is empty")
 	}
 	leadingZeros := bits.LeadingZeros8(uint8(bloomFilter[len(bloomFilter)-1]))
-	if leadingZeros == 8 {
+	if leadingZeros >= 7 {
 		return nil, status.Error(codes.InvalidArgument, "Bloom filter's trailing byte is not properly padded")
 	}
 

diff --git a/pkg/filesystem/access/bloom_filter_reader_test.go b/pkg/filesystem/access/bloom_filter_reader_test.go
@@ -17,6 +17,9 @@ func TestBloomFilterReader(t *testing.T) {
 		_, err := access.NewBloomFilterReader(nil, 123)
 		testutil.RequireEqualStatus(t, status.Error(codes.InvalidArgument, "Bloom filter is empty"), err)
 
+		_, err = access.NewBloomFilterReader([]byte{0x01}, 123)
+		testutil.RequireEqualStatus(t, status.Error(codes.InvalidArgument, "Bloom filter's trailing byte is not properly padded"), err)
+
 		_, err = access.NewBloomFilterReader([]byte{0x12, 0x00}, 123)
 		testutil.RequireEqualStatus(t, status.Error(codes.InvalidArgument, "Bloom filter's trailing byte is not properly padded"), err)
 	})