This repository has been archived by the owner on Nov 6, 2020. It is now read-only.

updater: fix static id hashes initialization #10755

Merged: 2 commits, Jun 17, 2019

ordian
Collaborator

@ordian ordian commented Jun 17, 2019

Might help with #10085 (comment).

The bug was introduced in #10670.
Previously we used to pad short bytes with zeros when converting them to H256:
https://github.com/paritytech/parity-common/blob/e16441a8421d2e39a2e91a40f30a6b01cbaee00e/fixed-hash/src/hash.rs#L105-L111
But in the latest version of fixed-hash there is a length check and a panic.

I'm not really sure if there are other places in our codebase where we rely on the hash string being resized automatically when converting to H256.

@ordian ordian added A0-pleasereview 🤓 Pull request needs code review. M4-core ⛓ Core client code / Rust. labels Jun 17, 2019
@ordian ordian added this to the 2.6 milestone Jun 17, 2019
@ordian ordian requested a review from dvdplm June 17, 2019 10:07
Contributor

@ngotchac ngotchac left a comment

Can't H256::from_slice only accept 32-length slices?
Otherwise, LGTM. I couldn't find any other places where this bug could occur.

@ordian
Collaborator Author

ordian commented Jun 17, 2019

> Can't H256::from_slice only accept 32-length slices?

It currently does and that is the problem, since CLIENT_ID ("parity") and PLATFORM are less than 32 bytes.

@ngotchac
Contributor

Yeah, I meant as the argument type? So that we could catch this at compile time.

@ordian
Collaborator Author

ordian commented Jun 17, 2019

> Can't H256::from_slice only accept 32-length slices?

Ah, you mean &[u8; 32]? That would probably make it harder to use this API when we generate a Vec from a hex string or use a subslice of larger type like data[..32].

@ngotchac
Contributor

Yeah sure, but we could also have a from_unknown_slice method or so for such cases that would pad it as it used to do

@dvdplm dvdplm merged commit 35c607f into master Jun 17, 2019
@dvdplm dvdplm deleted the ao-fix-updater-crash branch June 17, 2019 11:22
@ordian
Collaborator Author

ordian commented Jun 17, 2019

> Yeah sure, but we could also have a from_unknown_slice method or so for such cases that would pad it as it used to do

Fair enough, but you can create it from &[u8; 32] slice already by H256(*slice) :P
Maybe this is what we should use instead though.

@ngotchac
Contributor

Yeah sure.. But what I meant is that it would be better to not have a possible panic as we do now :p Maybe renaming from_slice to from_unsafe_slice then :p

dvdplm added a commit that referenced this pull request Jun 17, 2019
* master:
  updater: fix static id hashes initialization (#10755)
  Use fewer threads for snapshotting (#10752)
  Die error_chain, die (#10747)
@ordian
Collaborator Author

ordian commented Jun 17, 2019

I get what you're trying to say, but it would also require changing conversions to uint for consistency, which would in turn imply a bunch of breaking changes and new releases, which I'm not sure is justified atm :p

@dvdplm
Collaborator

dvdplm commented Jun 17, 2019

The change to panic with the wrong size is pretty new and before it was resizing the slice to the proper size, so old code might expect that behaviour. I agree with the change, but runtime panics like this are bad. Presumably any new code written will have tests in place to catch the panics but that's far from satisfying. The name from_slice is not helping here, it looks pretty innocent and "safe" (and I'm the first to admit I rarely read the rust docs for our own code where this is indeed mentioned).

We can:

  1. rename it to something "dangerous", like from_slice_but_watchout_it_panics()
  2. make it safe on the type level, like @ngotchac suggests
  3. revert from_slice to behave like before, silently taking care of padding/truncating

Personally I'm tending to 3) tbh, but I'd like to hear more voices.

@ngotchac
Contributor

But why did we change the behavior in the first place?

@dvdplm
Collaborator

dvdplm commented Jun 17, 2019

> But why did we change the behavior in the first place?

paritytech/parity-common@ef4a8d8

EDIT: and before that it was paritytech/parity-common@9dec8ff#diff-058ba728d97e352f0db6a91ab02dc64bR86

@ngotchac
Contributor

Yeah, I would vote for having from_fixed_bytes and from_bytes_padding/from_padded_bytes or something similar, so we'll have to update each reference and be sure that it's correctly used.
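
The constructor shapes weighed in this thread, side by side, as an added example that is not code from this PR or from the fixed-hash crate. `Hash32`, `LengthError`, `try_from_slice` and `static_id` are hypothetical names; zero-filling at the end and rejecting over-long input are assumptions, not a statement of what the old `from_slice` did.

```rust
// Added illustration. `Hash32` is a hypothetical stand-in, not fixed-hash's H256.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Hash32(pub [u8; 32]);

#[derive(Debug, PartialEq, Eq)]
pub struct LengthError { pub expected: usize, pub got: usize }

impl Hash32 {
    /// Checked at compile time: the argument type only admits exactly 32 bytes.
    pub fn from_fixed_bytes(bytes: &[u8; 32]) -> Self {
        Hash32(*bytes)
    }

    /// Strict runtime check that returns an error instead of panicking.
    pub fn try_from_slice(src: &[u8]) -> Result<Self, LengthError> {
        if src.len() != 32 {
            return Err(LengthError { expected: 32, got: src.len() });
        }
        let mut out = [0u8; 32];
        out.copy_from_slice(src);
        Ok(Hash32(out))
    }

    /// Explicit opt-in to padding. Assumption: short input is copied to the
    /// front and zero-filled at the end; over-long input is rejected rather
    /// than silently truncated.
    pub fn from_padded_bytes(src: &[u8]) -> Result<Self, LengthError> {
        if src.len() > 32 {
            return Err(LengthError { expected: 32, got: src.len() });
        }
        let mut out = [0u8; 32];
        out[..src.len()].copy_from_slice(src);
        Ok(Hash32(out))
    }
}

/// Hypothetical helper: turn a short static id such as "parity" into 32 bytes.
pub fn static_id(id: &str) -> Result<Hash32, LengthError> {
    Hash32::from_padded_bytes(id.as_bytes())
}

fn main() {
    // The strict constructor reports the 6-byte id as an error the caller can handle.
    println!("{:?}", Hash32::try_from_slice(b"parity"));
    // The padding constructor makes the resize visible at the call site.
    println!("{:?}", static_id("parity"));
}
```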
