git/cbtree.h
René Scharfe 8bcda98da5 oidtree: avoid unaligned access to crit-bit tree
The flexible array member "k" of struct cb_node is used to store the key
of the crit-bit tree node.  It offers no alignment guarantees -- in fact
the current struct layout puts it one byte after a 4-byte aligned
address, i.e. guaranteed to be misaligned.

oidtree uses a struct object_id as cb_node key.  Since cf0983213c (hash:
add an algo member to struct object_id, 2021-04-26) it requires 4-byte
alignment.  The mismatch is reported by UndefinedBehaviorSanitizer at
runtime like this:

hash.h:277:2: runtime error: member access within misaligned address 0x00015000802d for type 'struct object_id', which requires 4 byte alignment
0x00015000802d: note: pointer points here
 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00
             ^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior hash.h:277:2 in

We can fix that by:

1. eliminating the alignment requirement of struct object_id,
2. providing the alignment in struct cb_node, or
3. avoiding the issue by only using memcpy to access "k".

Currently we only store one of two values in "algo" in struct object_id.
We could use a uint8_t for that instead and widen it only once we add
support for our two-hundredth algorithm or so.  That would not only avoid
alignment issues, but also reduce the memory requirements for each
instance of struct object_id by ca. 9%.

Supporting keys with alignment requirements might be useful to spread
the use of crit-bit trees.  It can be achieved by using a wider type for
"k" (e.g. uintmax_t), using different types for the members "byte" and
"otherbits" (e.g. uint16_t or uint32_t for each), or by avoiding the use
of flexible arrays like khash.h does.

This patch implements the third option, though, because it has the least
potential for causing side-effects and we're close to the next release.
If one of the other options is implemented later as well to get their
additional benefits we can get rid of the extra copies introduced here.

Reported-by: Andrzej Hunt <andrzej@ahunt.org>
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-08-15 13:13:50 -07:00

56 lines
1.5 KiB
C

/*
 * crit-bit tree implementation, does no allocations internally
 * For more information on crit-bit trees: https://cr.yp.to/critbit.html
 * Based on Adam Langley's adaptation of Dan Bernstein's public domain code
 * git clone https://github.com/agl/critbit.git
 *
 * This is adapted to store arbitrary data (not just NUL-terminated C strings)
 * and allocates no memory internally.  The user needs to allocate
 * "struct cb_node" and fill cb_node.k[] with arbitrary match data
 * for memcmp.
 * If "klen" is variable, then it should be embedded into "cb_node.k[]"
 * Recursion is bound by the maximum value of "klen" used.
 */
#ifndef CBTREE_H
#define CBTREE_H

#include "git-compat-util.h"

struct cb_node;
struct cb_node {
	struct cb_node *child[2];
	/*
	 * n.b. uint32_t for `byte' is excessive for OIDs,
	 * we may consider shorter variants if nothing else gets stored.
	 */
	uint32_t byte;
	uint8_t otherbits;
	uint8_t k[FLEX_ARRAY]; /* arbitrary data, unaligned */
};

struct cb_tree {
	struct cb_node *root;
};

enum cb_next {
	CB_CONTINUE = 0,
	CB_BREAK = 1
};

#define CBTREE_INIT { .root = NULL }

static inline void cb_init(struct cb_tree *t)
{
	t->root = NULL;
}

struct cb_node *cb_lookup(struct cb_tree *, const uint8_t *k, size_t klen);
struct cb_node *cb_insert(struct cb_tree *, struct cb_node *, size_t klen);
struct cb_node *cb_unlink(struct cb_tree *t, const uint8_t *k, size_t klen);

typedef enum cb_next (*cb_iter)(struct cb_node *, void *arg);

void cb_each(struct cb_tree *, const uint8_t *kpfx, size_t klen,
	     cb_iter, void *arg);

#endif /* CBTREE_H */
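
Added example, not part of git's source: a stand-alone sketch of why "k" is misaligned for a key type that needs 4-byte alignment, and of the memcpy-only access pattern the commit message names as option 3. The names demo_node, demo_key, k_misalignment, node_new and node_algo are hypothetical; demo_key is a constructed stand-in for a key with a 4-byte aligned member, not git's struct object_id.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct demo_node { /* same member order as struct cb_node; FLEX_ARRAY as C99 [] */
	struct demo_node *child[2];
	uint32_t byte;
	uint8_t otherbits;
	uint8_t k[]; /* starts right after otherbits, no padding before it */
};

struct demo_key { /* hypothetical key: the uint32_t forces 4-byte alignment */
	unsigned char hash[32];
	uint32_t algo;
};

/* Nonzero result: casting k to struct demo_key * yields a misaligned pointer. */
static size_t k_misalignment(void)
{
	return offsetof(struct demo_node, k) % _Alignof(struct demo_key);
}

/* Store the key bytewise; k is only ever touched as raw bytes. */
static struct demo_node *node_new(const struct demo_key *key)
{
	struct demo_node *n = calloc(1, offsetof(struct demo_node, k) + sizeof(*key));
	if (n)
		memcpy(n->k, key, sizeof(*key));
	return n;
}

/* Copy the key into aligned storage before reading a member from it. */
static uint32_t node_algo(const struct demo_node *n)
{
	struct demo_key tmp;
	memcpy(&tmp, n->k, sizeof(tmp));
	return tmp.algo;
}

int main(void)
{
	struct demo_key key = { .hash = { 0xab }, .algo = 2 }; /* constructed sample */
	struct demo_node *n = node_new(&key);
	if (!n)
		return 1;
	printf("k off by %zu, algo=%u\n", k_misalignment(), (unsigned)node_algo(n));
	free(n);
}
```

Building this with -fsanitize=undefined stays quiet because no struct demo_key pointer ever refers to the bytes inside "k".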