wal: check out of range slice in "ReadAll", entry limits in "decodeRecord"

[gyuho]

Signed-off-by: Gyuho Lee leegyuho@amazon.com

Please read https://github.com/etcd-io/etcd/blob/master/CONTRIBUTING.md#contribution-flow.

[xiang90]

i think we have a max wal size, also a max key-value pair size. i feel these can be set as a better limit.

[gyuho]

i think we have a max wal size, also a max key-value pair size. i feel these can be set as a better limit.

Do we mean define one for max wal entry size? We have request size limit, but I don't see anywhere we define limit?

etcd/wal/wal.go

Lines 777 to 786 in 1166b1f

	func (w *WAL) saveEntry(e *raftpb.Entry) error {
	// TODO: add MustMarshalTo to reduce one allocation.
	b := pbutil.MustMarshal(e)
	rec := &walpb.Record{Type: entryType, Data: b}
	if err := w.encoder.encode(rec); err != nil {
	return err
	}
	w.enti = e.Index
	return nil
	}

[xiang90]

we have a request limit. also we know that the throughput wont be unlimited. we probably will only be able to batch at most 1000 requests into one WAL entry at most, usually far less... So I guess a 2GB wal entry limit is large enough...

[gyuho]

Added a check for entry upper limit. Here I assume no project ever allows more than 10 MB raft message entry.

[xiang90]

can we simply check 0 <= e.Index-w.start.Index - 1 < len(ents)?

[codecov-io]

Codecov Report

Merging #11793 into master will decrease coverage by 0.68%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master   #11793      +/-   ##
==========================================
- Coverage   66.69%   66.00%   -0.69%     
==========================================
  Files         403      403              
  Lines       36976    36981       +5     
==========================================
- Hits        24660    24411     -249     
- Misses      10822    11068     +246     
- Partials     1494     1502       +8     

Impacted Files	Coverage Δ
wal/decoder.go	92.04% <0.00%> (-2.15%)	⬇️
wal/wal.go	56.77% <100.00%> (+0.70%)	⬆️
auth/store.go	53.37% <0.00%> (-24.44%)	⬇️
proxy/grpcproxy/register.go	72.50% <0.00%> (-10.00%)	⬇️
auth/simple_token.go	79.83% <0.00%> (-9.25%)	⬇️
client/members.go	65.32% <0.00%> (-8.88%)	⬇️
clientv3/leasing/util.go	91.66% <0.00%> (-6.67%)	⬇️
clientv3/namespace/watch.go	87.87% <0.00%> (-6.07%)	⬇️
etcdserver/api/v3rpc/member.go	87.09% <0.00%> (-3.23%)	⬇️
clientv3/leasing/txn.go	88.09% <0.00%> (-3.18%)	⬇️
... and 15 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6aea6ed...c716d76. Read the comment docs.

[xiang90]

lgtm

[spzala]

lgtm Thanks @gyuho