Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sanitize pprof references #3218

Merged
merged 6 commits into from
Apr 16, 2024
Merged

fix: sanitize pprof references #3218

merged 6 commits into from
Apr 16, 2024

Conversation

kolesnikovae
Copy link
Collaborator

Resolves #3203

@kolesnikovae kolesnikovae force-pushed the fix/validate-pprof-references branch from f40f3d7 to 642a49f Compare April 15, 2024 02:02
@kolesnikovae kolesnikovae force-pushed the fix/validate-pprof-references branch from ca29a82 to 412c359 Compare April 15, 2024 02:44
kolesnikovae
kolesnikovae commented Apr 15, 2024
View reviewed changes
pkg/pprof/merge_test.go
@@ -33,51 +35,6 @@ func Test_Merge_Self(t *testing.T) {
testhelper.EqualProto(t, p.Profile, m.Profile())
}

func Test_Merge_ZeroReferences(t *testing.T) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to remove the test as it's no longer valid: invalid elements are discarded at normalization/merge

pkg/pprof/pprof.go
Comment on lines -422 to -423
// ensureHasMapping ensures all locations have at least a mapping.
func (p *Profile) ensureHasMapping() {
Copy link
Collaborator Author

@kolesnikovae kolesnikovae Apr 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now we're doing this at reference sanitisation

@kolesnikovae kolesnikovae marked this pull request as ready for review April 15, 2024 02:56
@kolesnikovae kolesnikovae requested a review from a team as a code owner April 15, 2024 02:56
@kolesnikovae kolesnikovae requested a review from simonswine April 15, 2024 02:57
kolesnikovae
kolesnikovae commented Apr 15, 2024
View reviewed changes
pkg/pprof/merge.go Outdated
@@ -36,7 +36,7 @@ func (m *ProfileMerge) merge(p *profilev1.Profile, clone bool) error {
if p == nil || len(p.StringTable) < 2 {
return nil
}
ConvertIDsToIndices(p)
sanitizeReferences(p)
Copy link
Collaborator Author

@kolesnikovae kolesnikovae Apr 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only reason we do it here is that Merge might be called without Normalize. It is a fairly expensive operation, but it's better than a failure. Ideally, normalization and sanity checks should be performed at parsing

simonswine
simonswine reviewed Apr 15, 2024
View reviewed changes
pkg/pprof/pprof.go Outdated Show resolved Hide resolved
@kolesnikovae @simonswine
handle negative string index
e83b3df 
Co-authored-by: Christian Simon <simon@swine.de>
simonswine
simonswine reviewed Apr 15, 2024
View reviewed changes
Copy link
Contributor

@simonswine simonswine left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally LGTM.

A few things that a simple fuzzing session #3222 uncovered (not originating from this PR):

--- a/pkg/pprof/merge.go
+++ b/pkg/pprof/merge.go
@@ -196,6 +196,9 @@ func combineHeaders(a, b *profilev1.Profile) error {
 // returns nil if the profiles are compatible; otherwise an error with
 // details on the incompatibility.
 func compatible(a, b *profilev1.Profile) error {
+       if a == nil || b == nil {
+               return fmt.Errorf("a nil profile was specified")
+       }
        if !equalValueType(a.PeriodType, b.PeriodType) {
                return fmt.Errorf("incompatible period types %v and %v", a.PeriodType, b.PeriodType)
        }
@@ -213,6 +216,12 @@ func compatible(a, b *profilev1.Profile) error {
 // equalValueType returns true if the two value types are semantically
 // equal. It ignores the internal fields used during encode/decode.
 func equalValueType(st1, st2 *profilev1.ValueType) bool {
+       if st1 == nil && st2 == nil {
+               return true
+       }
+       if st1 == nil || st2 == nil {
+               return false
+       }
        return st1.Type == st2.Type && st1.Unit == st2.Unit
 }

@@ -242,11 +251,13 @@ func RewriteStrings(p *profilev1.Profile, n []uint32) {
        }
        p.DropFrames = int64(n[p.DropFrames])
        p.KeepFrames = int64(n[p.KeepFrames])
-       if p.PeriodType.Type != 0 {
-               p.PeriodType.Type = int64(n[p.PeriodType.Type])
-       }
-       if p.PeriodType.Unit != 0 {
-               p.PeriodType.Unit = int64(n[p.PeriodType.Unit])
+       if p.PeriodType != nil {
+               if p.PeriodType.Type != 0 {
+                       p.PeriodType.Type = int64(n[p.PeriodType.Type])
+               }
+               if p.PeriodType.Unit != 0 {
+                       p.PeriodType.Unit = int64(n[p.PeriodType.Unit])
+               }
        }
        for i, x := range p.Comment {
                p.Comment[i] = int64(n[x])

@kolesnikovae
Copy link
Collaborator Author

I see that we actually do not check if an element is nil (e.g. nil sample) at all – to be added in this PR

@kolesnikovae kolesnikovae merged commit 6f58772 into main Apr 16, 2024
16 checks passed
@kolesnikovae kolesnikovae deleted the fix/validate-pprof-references branch April 16, 2024 01:57
@kolesnikovae kolesnikovae mentioned this pull request Apr 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simonswine simonswine simonswine approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle invalid profiles gracefully
2 participants
@kolesnikovae @simonswine