From 9ceed5378eec8a5bc41e8cbb28709c1fc5f4cf19 Mon Sep 17 00:00:00 2001
From: Fabian Reinartz <fab.reinartz@gmail.com>
Date: Thu, 15 Dec 2016 11:24:20 +0100
Subject: [PATCH] Fix missing bound checks, off-by-ones, typos

---
 block.go  |  6 ++++--
 reader.go | 16 +++++++++++-----
 writer.go | 17 +++++++----------
 3 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/block.go b/block.go
index 7fedc1916..37deab584 100644
--- a/block.go
+++ b/block.go
@@ -90,9 +90,11 @@ func findPersistedBlocks(path string) ([]*persistedBlock, error) {
 	}
 
 	for _, fi := range files {
-		pb, err := newPersistedBlock(fi.Name())
+		p := filepath.Join(path, fi.Name())
+
+		pb, err := newPersistedBlock(p)
 		if err != nil {
-			return nil, fmt.Errorf("error initializing block %q: %s", fi.Name(), err)
+			return nil, fmt.Errorf("error initializing block %q: %s", p, err)
 		}
 		pbs = append(pbs, pb)
 	}
diff --git a/reader.go b/reader.go
index 407e07c35..83ede2ad5 100644
--- a/reader.go
+++ b/reader.go
@@ -129,8 +129,13 @@ func readHashmap(flag byte, b []byte, err error) (map[string]uint32, error) {
 		if n < 1 {
 			return nil, errInvalidSize
 		}
-		s := string(b[n : n+int(l)])
-		b = b[n+int(l):]
+		b = b[n:]
+
+		if len(b) < int(l) {
+			return nil, errInvalidSize
+		}
+		s := string(b[:l])
+		b = b[l:]
 
 		o, n := binary.Uvarint(b)
 		if n < 1 {
@@ -151,15 +156,16 @@ func (r *indexReader) section(o uint32) (byte, []byte, error) {
 		return 0, nil, errInvalidSize
 	}
 
-	flag := r.b[0]
+	flag := b[0]
 	l := binary.BigEndian.Uint32(b[1:5])
 
 	b = b[5:]
 
-	if len(b) < int(l) {
+	// b must have the given length plus 4 bytes for the CRC32 checksum.
+	if len(b) < int(l)+4 {
 		return 0, nil, errInvalidSize
 	}
-	return flag, b, nil
+	return flag, b[:l], nil
 }
 
 func (r *indexReader) lookupSymbol(o uint32) ([]byte, error) {
diff --git a/writer.go b/writer.go
index 43598d7a1..5358eb612 100644
--- a/writer.go
+++ b/writer.go
@@ -196,11 +196,10 @@ type indexWriter struct {
 
 func newIndexWriter(w io.Writer) *indexWriter {
 	return &indexWriter{
-		w:            w,
-		n:            0,
-		symbols:      make(map[string]uint32, 4096),
-		series:       make(map[uint32]*indexWriterSeries, 4096),
-		labelIndexes: make([]hashEntry, 10),
+		w:       w,
+		n:       0,
+		symbols: make(map[string]uint32, 4096),
+		series:  make(map[uint32]*indexWriterSeries, 4096),
 	}
 }
 
@@ -212,12 +211,10 @@ func (w *indexWriter) write(wr io.Writer, b []byte) error {
 
 // section writes a CRC32 checksummed section of length l and guarded by flag.
 func (w *indexWriter) section(l uint32, flag byte, f func(w io.Writer) error) error {
-	l++ // account for flag byte
-
 	h := crc32.NewIEEE()
 	wr := io.MultiWriter(h, w.w)
 
-	b := [5]byte{flagStd, 0, 0, 0, 0}
+	b := [5]byte{flag, 0, 0, 0, 0}
 	binary.BigEndian.PutUint32(b[1:], l)
 
 	if err := w.write(wr, b[:]); err != nil {
@@ -357,7 +354,7 @@ func (w *indexWriter) WriteLabelIndex(names []string, values []string) error {
 		for _, v := range valt.s {
 			binary.BigEndian.PutUint32(buf, w.symbols[v])
 
-			if err := w.write(wr, buf); err != nil {
+			if err := w.write(wr, buf[:4]); err != nil {
 				return err
 			}
 		}
@@ -410,7 +407,7 @@ func (w *indexWriter) writeHashmap(h []hashEntry) error {
 		b = append(b, buf[:n]...)
 	}
 
-	return w.section(uint32(len(buf)), flagStd, func(wr io.Writer) error {
+	return w.section(uint32(len(b)), flagStd, func(wr io.Writer) error {
 		return w.write(wr, b)
 	})
 }
-- 
GitLab