rgw/compression antibug check

If another bug tells the compression filter to decompress more
data than is actually present, the resulting "end_of_buffer"
error was thrown.  The thrown exception unwinds the stack,
including a completion that is pending.  The resulting core dump
indicates a failure with this completion rather than the end of buffer
exception, which is misleading and not useful.

With this change, radosgw does not abort, and instead logs
a somewhat useful message before returning an "unknown" error
to the client.

Fixes: https://tracker.ceph.com/issues/23264
Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit 8c7b0fac53107c5fdfcd1b9d5c5d6933b7ace39f)

Resolves: rhbz#2300284

diff --git a/src/rgw/rgw_compression.cc b/src/rgw/rgw_compression.cc
index 1c666e551c9b1d0aca2051ae6fcc7c9252a7ee8d..36c37886c03396ed13c7ebdc7f8658eae63ec17c 100644 (file)
--- a/src/rgw/rgw_compression.cc
+++ b/src/rgw/rgw_compression.cc
@@ -173,6 +173,17 @@ int RGWGetObj_Decompress::handle_data(bufferlist& bl, off_t bl_ofs, off_t bl_len
       lsubdout(cct, rgw, 0) << "handle_data failed with exit code " << r << dendl;
       return r;
     }
+    // the next avoids an end_of_buffer exception that can be thrown
+    // if we try to read past the end of the compressed data,
+    // "which should never happen".  (The crash dump after this is
+    // useless for diagnostic purposes.)
+    if (out_bl.length() < q_ofs + ch_len) {
+      lsubdout(cct, rgw, 0) << "handle_data consumed data? out_bl.len=" <<
+        out_bl.length()
+        << " q_ofs=" << q_ofs << " ch_len=" << ch_len
+        << " q_len=" << q_len << dendl;
+      return -EIO;
+    }
     out_bl.splice(0, q_ofs + ch_len);
     q_len -= ch_len;
     q_ofs = 0;