hubcio commented on code in PR #3269:
URL: https://github.com/apache/iggy/pull/3269#discussion_r3263414281
##########
core/journal/src/prepare_journal.rs:
##########
@@ -143,27 +186,40 @@ impl PrepareJournal {
while pos + HEADER_SIZE as u64 <= file_len {
// Read the 256-byte header
header_buf = storage.read_at(pos, header_buf).await?;
- let header: PrepareHeader =
- *bytemuck::checked::from_bytes::<PrepareHeader>(&header_buf);
+ // `try_from_bytes` so an invalid bit pattern (e.g. a corrupt
+ // `command` byte yielding no `Command2` variant) routes through
+ // `truncate_or_fail` instead of panicking the recovery thread.
+ let Ok(header_ref) =
bytemuck::checked::try_from_bytes::<PrepareHeader>(&header_buf)
+ else {
+ truncate_or_fail(&storage, pos, "corrupt header (invalid bit
pattern)").await?;
+ break;
+ };
+ let header: PrepareHeader = *header_ref;
// Validate: must be a Prepare command with sane size
if header.command != Command2::Prepare
|| (header.size as usize) < HEADER_SIZE
|| u64::from(header.size) > MAX_ENTRY_SIZE
{
- // Corrupt or non-prepare entry, truncate here
- storage.truncate(pos).await?;
+ truncate_or_fail(&storage, pos, "corrupt or non-prepare
entry").await?;
break;
}
let entry_size = u64::from(header.size);
+ // TODO(hubcio): verify `header.checksum` / `header.checksum_body`
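Review bot: The `let Ok(header_ref) = … else` arm treats every `try_from_bytes` failure as on-disk corruption, but `bytemuck::checked::CheckedCastError` has a `PodCastError(..)` variant (size mismatch, unaligned input) alongside `InvalidBitPattern`. Those failures describe `header_buf` rather than the journal bytes; how `header_buf` is allocated and whether `read_at` can return a short buffer is not visible in this hunk. If either can happen, recovery would truncate at `pos` and report "invalid bit pattern" for what is really a buffer problem, discarding entries that may be intact. Consider matching on the error so only `Err(CheckedCastError::InvalidBitPattern)` reaches `truncate_or_fail`, and propagate any other variant as a recovery error with the error value in the message. The loop body continues past the end of the quoted hunk.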
Review Comment:
no issue yet. for now just todo is enough; we'll scan all TODOs for
cluster-related crates (simulator, message bus, journal, etc) and fix them one
by one when release comes. for now, we just want to be aware of problems,
not necessarily fix them