Skip to content

compression: honor read buffer offset in resize_buffer#12085

Open
saddamr3e wants to merge 2 commits into
fluent:masterfrom
saddamr3e:compression-resize-read-offset
Open

compression: honor read buffer offset in resize_buffer#12085
saddamr3e wants to merge 2 commits into
fluent:masterfrom
saddamr3e:compression-resize-read-offset

Conversation

@saddamr3e

@saddamr3e saddamr3e commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

AddressSanitizer, appending a chunk after a decompression member is consumed:

==ERROR: AddressSanitizer: heap-buffer-overflow  WRITE of size 200
0x6110000...fd0 is located 0 bytes after 208-byte region
    #1 test_resize_buffer_read_offset compression.c
    #2 flb_decompression_context_resize_buffer flb_compression.c:113

Once a member is decoded read_buffer sits at a non-zero offset inside input_buffer. flb_decompression_context_get_available_space() and flb_decompression_context_get_append_buffer() both account for that offset, but resize_buffer() reallocated to new_size only. The packed-forward path in in_forward resizes to input_buffer_length + len and then copies len bytes at get_append_buffer(), so with a non-zero read offset that copy runs read_buffer_offset bytes past the reallocation. Reserve the offset in the reallocation and keep input_buffer_size in sync with it.

Regression test lives in tests/internal/compression.c; it faults under AddressSanitizer before the change and passes after.


Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • [N/A] Example configuration file for the change
  • [N/A] Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

Used AddressSanitizer instead of Valgrind: the new tests/internal/compression.c unit test built with -DSANITIZE_ADDRESS=On reports a heap-buffer-overflow write past the resize_buffer() allocation on the unpatched tree and is clean with the fix, and flb-it-gzip / flb-it-zstd stay green.

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • [N/A] Run local packaging test showing all targets (including any new ones) build.
  • [N/A] Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • [N/A] Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

  • Bug Fixes

    • Fixed gzip decompression buffer resizing when unprocessed data remains in the buffer.
    • Prevented potential memory corruption when appending data after decompression.
  • Tests

    • Added coverage for decompression buffer resizing with pending trailing data.

resize_buffer reallocated to new_size while get_available_space and get_append_buffer both account for the read_buffer offset. After a member is consumed read_buffer sits at a non-zero offset, so an append that resizes to input_buffer_length + len and copies len bytes at get_append_buffer ran read_buffer_offset bytes past the reallocation. Reserve the offset in the reallocation and keep input_buffer_size in sync.

Signed-off-by: Saddam <saddamr3e@gmail.com>
Feeds a gzip member plus trailing bytes so read_buffer is left at a non-zero offset, then exercises the packed-forward append path (resize to input_buffer_length + len, copy at get_append_buffer). Fails under AddressSanitizer without the resize_buffer offset fix.

Signed-off-by: Saddam <saddamr3e@gmail.com>
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The decompression buffer resize now accounts for unconsumed input offsets. A gzip regression test exercises resizing and appending after decompression, and CMake includes the test in internal unit tests.

Changes

Compression buffer fix

Layer / File(s) Summary
Offset-aware buffer resizing
src/flb_compression.c
Reallocation and input_buffer_size now include the current read_buffer offset.
Resize regression coverage
tests/internal/compression.c, tests/internal/CMakeLists.txt
Adds a gzip decompression test for offset-aware resizing and registers it with the internal unit test build.

Estimated code review effort: 2 (Simple) | ~10 minutes

Suggested reviewers: edsiper, cosmo0920, koleini

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main fix: resize_buffer now honors the read buffer offset during compression-related decompression resizing.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
src/flb_compression.c (2)

109-110: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Reuse the existing flb_decompression_context_get_read_buffer_offset helper.

The offset calculation at lines 109–110 duplicates the logic already encapsulated in flb_decompression_context_get_read_buffer_offset (lines 27–40), which also provides a NULL guard on context. Using the helper reduces duplication and adds the safety check.

♻️ Proposed refactor
-    read_buffer_offset = (uintptr_t) context->read_buffer -
-                         (uintptr_t) context->input_buffer;
+    read_buffer_offset = flb_decompression_context_get_read_buffer_offset(context);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/flb_compression.c` around lines 109 - 110, Replace the duplicated pointer
subtraction in the decompression flow with the existing
flb_decompression_context_get_read_buffer_offset helper, passing the current
context and preserving assignment to read_buffer_offset. Do not retain the
manual calculation.

112-114: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Guard against integer overflow in read_buffer_offset + new_size.

Both read_buffer_offset and new_size are size_t. Their sum is used as the flb_realloc size (line 114) and stored in input_buffer_size (line 128). If the addition wraps, flb_realloc allocates a tiny buffer while the caller subsequently writes append_len bytes at get_append_buffer() — the same heap-buffer-overflow class this PR fixes. A simple overflow check before the realloc closes the gap.

🛡️ Proposed overflow guard
     if (new_size > context->input_buffer_length) {
+        if (read_buffer_offset > SIZE_MAX - new_size) {
+            return FLB_DECOMPRESSOR_FAILURE;
+        }
         new_buffer_address = flb_realloc(context->input_buffer,
                                          read_buffer_offset + new_size);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/flb_compression.c` around lines 112 - 114, In the buffer-growth logic
around the realloc call, validate that read_buffer_offset + new_size cannot
exceed SIZE_MAX before performing the addition or passing it to flb_realloc.
Handle the overflow using the function’s existing allocation-failure path, and
ensure the same validated total is used when storing input_buffer_size.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/flb_compression.c`:
- Around line 109-110: Replace the duplicated pointer subtraction in the
decompression flow with the existing
flb_decompression_context_get_read_buffer_offset helper, passing the current
context and preserving assignment to read_buffer_offset. Do not retain the
manual calculation.
- Around line 112-114: In the buffer-growth logic around the realloc call,
validate that read_buffer_offset + new_size cannot exceed SIZE_MAX before
performing the addition or passing it to flb_realloc. Handle the overflow using
the function’s existing allocation-failure path, and ensure the same validated
total is used when storing input_buffer_size.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 37fe48c2-d329-4480-a68f-3b24beefb519

📥 Commits

Reviewing files that changed from the base of the PR and between e6db1af and 2dfd13f.

📒 Files selected for processing (3)
  • src/flb_compression.c
  • tests/internal/CMakeLists.txt
  • tests/internal/compression.c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant