You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In file: db.go, the fields of the Options struct are organized in a way that takes more memory. The fields of the struct can be sorted in a way that takes less memory than the initial alignment.
// Options represents the options that can be set when opening a database.typeOptionsstruct {
// Timeout is the amount of time to wait to obtain a file lock.// When set to zero it will wait indefinitely.Timeout time.Duration// Sets the DB.NoGrowSync flag before memory mapping the file.NoGrowSyncbool// Do not sync freelist to disk. This improves the database write performance// under normal operation, but requires a full database re-sync during recovery.NoFreelistSyncbool// PreLoadFreelist sets whether to load the free pages when opening// the db file. Note when opening db in write mode, bbolt will always// load the free pages.PreLoadFreelistbool// FreelistType sets the backend freelist type. There are two options. Array which is simple but endures// dramatic performance degradation if database is large and fragmentation in freelist is common.// The alternative one is using hashmap, it is faster in almost all circumstances// but it doesn't guarantee that it offers the smallest page id available. In normal case it is safe.// The default type is arrayFreelistTypeFreelistType// Open database in read-only mode. Uses flock(..., LOCK_SH |LOCK_NB) to// grab a shared lock (UNIX).ReadOnlybool// Sets the DB.MmapFlags flag before memory mapping the file.MmapFlagsint// InitialMmapSize is the initial mmap size of the database// in bytes. Read transactions won't block write transaction// if the InitialMmapSize is large enough to hold database mmap// size. (See DB.Begin for more information)//// If <=0, the initial map size is 0.// If initialMmapSize is smaller than the previous database size,// it takes no effect.InitialMmapSizeint// PageSize overrides the default OS page size.PageSizeint// NoSync sets the initial value of DB.NoSync. Normally this can just be// set directly on the DB itself when returned from Open(), but this option// is useful in APIs which expose Options but not the underlying DB.NoSyncbool// OpenFile is used to open files. It defaults to os.OpenFile. This option// is useful for writing hermetic tests.OpenFilefunc(string, int, os.FileMode) (*os.File, error)
// Mlock locks database file in memory when set to true.// It prevents potential page faults, however// used memory can't be reclaimed. (UNIX only)Mlockbool// Logger is the logger used for bbolt.LoggerLogger
}
For the above alignment, the size of the struct is 104 bytes (for 64-bit systems). It can be reduced to 80 bytes by aligning the fields as follows:
typeOptionsstruct {
// Timeout is the amount of time to wait to obtain a file lock.// When set to zero it will wait indefinitely.Timeout time.Duration// FreelistType sets the backend freelist type. There are two options. Array which is simple but endures// dramatic performance degradation if database is large and fragmentation in freelist is common.// The alternative one is using hashmap, it is faster in almost all circumstances// but it doesn't guarantee that it offers the smallest page id available. In normal case it is safe.// The default type is arrayFreelistTypeFreelistType// Sets the DB.MmapFlags flag before memory mapping the file.MmapFlagsint// InitialMmapSize is the initial mmap size of the database// in bytes. Read transactions won't block write transaction// if the InitialMmapSize is large enough to hold database mmap// size. (See DB.Begin for more information)//// If <=0, the initial map size is 0.// If initialMmapSize is smaller than the previous database size,// it takes no effect.InitialMmapSizeint// PageSize overrides the default OS page size.PageSizeint// OpenFile is used to open files. It defaults to os.OpenFile. This option// is useful for writing hermetic tests.OpenFilefunc(string, int, os.FileMode) (*os.File, error)
// Logger is the logger used for bbolt.LoggerLogger// Mlock locks database file in memory when set to true.// It prevents potential page faults, however// used memory can't be reclaimed. (UNIX only)Mlockbool// Sets the DB.NoGrowSync flag before memory mapping the file.NoGrowSyncbool// Do not sync freelist to disk. This improves the database write performance// under normal operation, but requires a full database re-sync during recovery.NoFreelistSyncbool// PreLoadFreelist sets whether to load the free pages when opening// the db file. Note when opening db in write mode, bbolt will always// load the free pages.PreLoadFreelistbool// Open database in read-only mode. Uses flock(..., LOCK_SH |LOCK_NB) to// grab a shared lock (UNIX).ReadOnlybool// NoSync sets the initial value of DB.NoSync. Normally this can just be// set directly on the DB itself when returned from Open(), but this option// is useful in APIs which expose Options but not the underlying DB.NoSyncbool
}
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
The text was updated successfully, but these errors were encountered:
Overview
In file: db.go, the fields of the
Options
struct are organized in a way that takes more memory. The fields of the struct can be sorted in a way that takes less memory than the initial alignment.For the above alignment, the size of the struct is 104 bytes (for 64-bit systems). It can be reduced to 80 bytes by aligning the fields as follows:
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.
The text was updated successfully, but these errors were encountered: