ndimiduk commented on a change in pull request #2380:
URL: https://github.com/apache/hbase/pull/2380#discussion_r486642223



##########
File path: hbase-common/src/main/java/org/apache/hadoop/hbase/util/UnsafeAccess.java
##########
@@ -327,6 +327,11 @@ public static void copy(byte[] src, int srcOffset, 
ByteBuffer dest, int destOffs
       destBase = dest.array();
     }
     long srcAddress = srcOffset + BYTE_ARRAY_BASE_OFFSET;
+    assert (src.length - srcOffset) >= length : "unsafe memory access: 
attempting to copy "
+      + length + " bytes from src when only " + (src.length - srcOffset) + " 
capacity remains";
+    assert (dest.capacity() - destOffset) >= length : "unsafe memory access: 
attempting to copy "
+      + length + " bytes into dest when only " + (dest.capacity() - destOffset)
+      + " capacity remains.";
     unsafeCopy(src, srcAddress, destBase, destAddress, length);
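
Review bot: Both new `assert` statements are evaluated only when the JVM runs with assertions enabled (`-ea`), so on a default production JVM the `unsafeCopy` call below them still runs unchecked. If the goal is to guard the raw copy everywhere, throw explicitly instead, for example `if (length > src.length - srcOffset) throw new IndexOutOfBoundsException(...)`. The conditions also accept a negative `srcOffset` or `destOffset`, because subtracting a negative offset only makes `src.length - srcOffset` (or `dest.capacity() - destOffset`) larger; add checks for `srcOffset >= 0`, `destOffset >= 0` and `length >= 0`. Minor: the second message ends with a period and the first does not.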

Review comment:
   These `assert`s are protecting calls to the method invoked by `unsafeCopy`: `Unsafe.copyMemory`. The documentation on that method makes no mention of bounds checking, and indeed I don't think it can because it accepts `Object,long` as parameters describing the source and destination memory addresses.
   
   From AdoptOpenJDK:
   ```
       /**
        * Sets all bytes in a given block of memory to a copy of another
        * block.
        *
        * <p>This method determines each block's base address by means of two parameters,
        * and so it provides (in effect) a <em>double-register</em> addressing mode,
        * as discussed in {@link #getInt(Object,long)}.  When the object reference is null,
        * the offset supplies an absolute base address.
        *
        * <p>The transfers are in coherent (atomic) units of a size determined
        * by the address and length parameters.  If the effective addresses and
        * length are all even modulo 8, the transfer takes place in 'long' units.
        * If the effective addresses and length are (resp.) even modulo 4 or 2,
        * the transfer takes place in units of 'int' or 'short'.
        *
        * @since 1.7
        */
       public native void copyMemory(Object srcBase, long srcOffset,
                                     Object destBase, long destOffset,
                                     long bytes);
   ```
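
An added example, not part of the review comment or of the HBase code base: since `Unsafe.copyMemory` takes `Object,long` pairs and documents no bounds checking, the caller has to validate both ranges itself, in a way that does not depend on `-ea`. `CheckedCopy` and `checkRange` are hypothetical names, and a `ByteBuffer.put` stands in for the `unsafeCopy` call so the code runs without `sun.misc.Unsafe`.

```java
import java.nio.ByteBuffer;

/** Added illustration; CheckedCopy and checkRange are hypothetical names, not HBase code. */
public final class CheckedCopy {
  private CheckedCopy() {}

  /**
   * Validates that [offset, offset + length) lies inside a region of the given capacity.
   * Unlike an assert, this runs whether or not the JVM was started with -ea.
   */
  static void checkRange(String what, int offset, int length, int capacity) {
    // Reject negatives first; capacity - offset cannot overflow once offset is in [0, capacity].
    if (offset < 0 || length < 0 || offset > capacity || length > capacity - offset) {
      throw new IndexOutOfBoundsException(what + ": offset=" + offset + ", length=" + length
        + ", capacity=" + capacity);
    }
  }

  /** Bounds-checked copy from a byte[] into a ByteBuffer at an absolute offset. */
  public static void copy(byte[] src, int srcOffset, ByteBuffer dest, int destOffset, int length) {
    checkRange("src", srcOffset, length, src.length);
    checkRange("dest", destOffset, length, dest.capacity());
    // Stand-in for the raw copy (the page's code calls unsafeCopy here). Both ranges are
    // known to be in bounds at this point. duplicate() leaves dest's own position untouched.
    ByteBuffer view = dest.duplicate();
    view.clear();              // position = 0, limit = capacity
    view.position(destOffset);
    view.put(src, srcOffset, length);
  }

  public static void main(String[] args) {
    byte[] src = {1, 2, 3, 4, 5, 6, 7, 8};   // constructed sample data
    ByteBuffer dest = ByteBuffer.allocate(4);
    copy(src, 2, dest, 0, 4);                // in bounds: copies src[2..5]
    System.out.println("first=" + dest.get(0) + " last=" + dest.get(3));
    // Constructed out-of-range cases: {srcOffset, destOffset, length}
    int[][] bad = {{6, 0, 4}, {0, 2, 4}, {-1, 0, 4}, {0, 0, -1}};
    for (int[] c : bad) {
      try {
        copy(src, c[0], dest, c[1], c[2]);
        System.out.println("copied (unexpected)");
      } catch (IndexOutOfBoundsException e) {
        System.out.println("rejected " + e.getMessage());
      }
    }
  }
}
```

The `{-1, 0, 4}` case is the one a check of the form `(src.length - srcOffset) >= length` alone lets through.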



