From 068d5ee1a3ac40dabd00d211d5013af44be55bea Mon Sep 17 00:00:00 2001
From: leveldb Team <no-reply@google.com>
Date: Tue, 18 Apr 2023 22:38:59 +0000
Subject: leveldb: Check slice length in Footer::DecodeFrom()

Without this check decoding the footer in Table::Open() can read
uninitialized bytes from a buffer allocated on the stack if the file
was unexpectedly short.

In practice this is probably fine since this function validates a magic
number but MSan complains about branching on uninitialized data.

PiperOrigin-RevId: 525271012
---
 table/format.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/table/format.cc b/table/format.cc
index 7647372..ae998c1 100644
--- a/table/format.cc
+++ b/table/format.cc
@@ -41,6 +41,10 @@ void Footer::EncodeTo(std::string* dst) const {
 }
 
 Status Footer::DecodeFrom(Slice* input) {
+  if (input->size() < kEncodedLength) {
+    return Status::Corruption("not an sstable (footer too short)");
+  }
+
   const char* magic_ptr = input->data() + kEncodedLength - 8;
   const uint32_t magic_lo = DecodeFixed32(magic_ptr);
   const uint32_t magic_hi = DecodeFixed32(magic_ptr + 4);
-- 
cgit v1.2.1