compression: avoid msan crashes

RaduBerinde · RaduBerinde · commit 4b619b70ec94 · 2025-09-05T08:41:38.000-07:00
Some of the compression algorithms use hand-written assembly code, which is "invislble" to the memory sanitizer. Together with the recent change to use `malloc` instead of `calloc` for the block cache, this results in uninitialized memory failures with `msan`. The fix is to call `runtime.MSanWrite()` to inform `msan` that the memory was written to. Note that `runtime.MSanWrite()` exists only in builds with the `msan` tag. Fixes #5275
diff --git a/internal/compression/minlz.go b/internal/compression/minlz.go
@@ -29,6 +29,7 @@ func (c *minlzCompressor) Compress(dst, src []byte) ([]byte, Setting) {
 	if err != nil {
 		panic(errors.Wrap(err, "minlz compression"))
 	}
+	msanWrite(compressed)
 	return compressed, Setting{Algorithm: MinLZ, Level: uint8(c.level)}
 }
 
@@ -54,11 +55,15 @@ var _ Decompressor = minlzDecompressor{}
 
 func (minlzDecompressor) DecompressInto(buf, compressed []byte) error {
 	result, err := minlz.Decode(buf, compressed)
+	if err != nil {
+		return err
+	}
 	if len(result) != len(buf) || (len(result) > 0 && &result[0] != &buf[0]) {
 		return base.CorruptionErrorf("pebble/table: decompressed into unexpected buffer: %p != %p",
 			errors.Safe(result), errors.Safe(buf))
 	}
-	return err
+	msanWrite(result)
+	return nil
 }
 
 func (minlzDecompressor) DecompressedLen(b []byte) (decompressedLen int, err error) {
diff --git a/internal/compression/msan_off.go b/internal/compression/msan_off.go
@@ -0,0 +1,11 @@
+// Copyright 2025 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+//go:build !msan
+
+package compression
+
+// msanWrite is used to inform MemorySanitizer that the memory in p was written
+// to; this is necessary for some compression algorithms which use assembly code.
+func msanWrite(p []byte) {}
diff --git a/internal/compression/msan_on.go b/internal/compression/msan_on.go
@@ -0,0 +1,20 @@
+// Copyright 2025 The LevelDB-Go and Pebble Authors. All rights reserved. Use
+// of this source code is governed by a BSD-style license that can be found in
+// the LICENSE file.
+
+//go:build msan
+
+package compression
+
+import (
+	"runtime"
+	"unsafe"
+)
+
+// msanWrite is used to inform MemorySanitizer that the memory in p was written
+// to; this is necessary for some compression algorithms which use assembly code.
+func msanWrite(p []byte) {
+	if len(p) > 0 {
+		runtime.MSanWrite(unsafe.Pointer(&p[0]), len(p))
+	}
+}
diff --git a/internal/compression/snappy.go b/internal/compression/snappy.go
@@ -17,8 +17,9 @@ var _ Compressor = snappyCompressor{}
 func (snappyCompressor) Algorithm() Algorithm { return Snappy }
 
 func (snappyCompressor) Compress(dst, src []byte) ([]byte, Setting) {
-	dst = dst[:cap(dst):cap(dst)]
-	return snappy.Encode(dst, src), SnappySetting
+	result := snappy.Encode(dst[:cap(dst):cap(dst)], src)
+	msanWrite(result)
+	return result, SnappySetting
 }
 
 func (snappyCompressor) Close() {}
@@ -36,6 +37,7 @@ func (snappyDecompressor) DecompressInto(buf, compressed []byte) error {
 		return base.CorruptionErrorf("pebble: decompressed into unexpected buffer: %p != %p",
 			errors.Safe(result), errors.Safe(buf))
 	}
+	msanWrite(buf)
 	return nil
 }
 
diff --git a/internal/compression/zstd_cgo.go b/internal/compression/zstd_cgo.go
@@ -60,6 +60,7 @@ func (z *zstdCompressor) Compress(compressedBuf []byte, b []byte) ([]byte, Setti
 	if &result[0] != &compressedBuf[varIntLen] {
 		panic("Allocated a new buffer despite checking CompressBound.")
 	}
+	msanWrite(result)
 
 	return compressedBuf[:varIntLen+len(result)], Setting{Algorithm: Zstd, Level: uint8(z.level)}
 }
@@ -80,8 +81,7 @@ type zstdDecompressor struct {
 
 var _ Decompressor = (*zstdDecompressor)(nil)
 
-// DecompressInto decompresses src with the Zstandard algorithm. The destination
-// buffer must already be sufficiently sized, otherwise DecompressInto may error.
+// DecompressInto is part of the Decompressor interface.
 func (z *zstdDecompressor) DecompressInto(dst, src []byte) error {
 	// The payload is prefixed with a varint encoding the length of
 	// the decompressed block.
@@ -93,10 +93,14 @@ func (z *zstdDecompressor) DecompressInto(dst, src []byte) error {
 	if len(dst) == 0 {
 		return errors.Errorf("decodeZstd: empty dst buffer")
 	}
-	_, err := z.ctx.DecompressInto(dst, src)
+	n, err := z.ctx.DecompressInto(dst, src)
 	if err != nil {
 		return err
 	}
+	if n != len(dst) {
+		return base.CorruptionErrorf("ZSTD decompressed %d bytes, expected %d", n, len(dst))
+	}
+	msanWrite(dst)
 	return nil
 }
 
diff --git a/internal/compression/zstd_nocgo.go b/internal/compression/zstd_nocgo.go
@@ -43,6 +43,7 @@ func (z *zstdCompressor) Compress(compressedBuf, b []byte) ([]byte, Setting) {
 	}
 	varIntLen := binary.PutUvarint(compressedBuf, uint64(len(b)))
 	res := z.encoder.EncodeAll(b, compressedBuf[:varIntLen])
+	msanWrite(res)
 	return res, Setting{Algorithm: Zstd, Level: uint8(z.level)}
 }
 
@@ -84,6 +85,7 @@ func (zstdDecompressor) DecompressInto(dst, src []byte) error {
 		return base.CorruptionErrorf("pebble/table: decompressed into unexpected buffer: %p != %p",
 			errors.Safe(result), errors.Safe(dst))
 	}
+	msanWrite(result)
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ func (c *minlzCompressor) Compress(dst, src []byte) ([]byte, Setting) {`
`29`	`29`	`if err != nil {`
`30`	`30`	`panic(errors.Wrap(err, "minlz compression"))`
`31`	`31`	`}`
	`32`	`+ msanWrite(compressed)`
`32`	`33`	`return compressed, Setting{Algorithm: MinLZ, Level: uint8(c.level)}`
`33`	`34`	`}`
`34`	`35`
`@@ -54,11 +55,15 @@ var _ Decompressor = minlzDecompressor{}`
`54`	`55`
`55`	`56`	`func (minlzDecompressor) DecompressInto(buf, compressed []byte) error {`
`56`	`57`	`result, err := minlz.Decode(buf, compressed)`
	`58`	`+ if err != nil {`
	`59`	`+ return err`
	`60`	`+ }`
`57`	`61`	`if len(result) != len(buf) \|\| (len(result) > 0 && &result[0] != &buf[0]) {`
`58`	`62`	`return base.CorruptionErrorf("pebble/table: decompressed into unexpected buffer: %p != %p",`
`59`	`63`	`errors.Safe(result), errors.Safe(buf))`
`60`	`64`	`}`
`61`		`- return err`
	`65`	`+ msanWrite(result)`
	`66`	`+ return nil`
`62`	`67`	`}`
`63`	`68`
`64`	`69`	`func (minlzDecompressor) DecompressedLen(b []byte) (decompressedLen int, err error) {`
Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,9 @@ var _ Compressor = snappyCompressor{}`
`17`	`17`	`func (snappyCompressor) Algorithm() Algorithm { return Snappy }`
`18`	`18`
`19`	`19`	`func (snappyCompressor) Compress(dst, src []byte) ([]byte, Setting) {`
`20`		`- dst = dst[:cap(dst):cap(dst)]`
`21`		`- return snappy.Encode(dst, src), SnappySetting`
	`20`	`+ result := snappy.Encode(dst[:cap(dst):cap(dst)], src)`
	`21`	`+ msanWrite(result)`
	`22`	`+ return result, SnappySetting`
`22`	`23`	`}`
`23`	`24`
`24`	`25`	`func (snappyCompressor) Close() {}`
`@@ -36,6 +37,7 @@ func (snappyDecompressor) DecompressInto(buf, compressed []byte) error {`
`36`	`37`	`return base.CorruptionErrorf("pebble: decompressed into unexpected buffer: %p != %p",`
`37`	`38`	`errors.Safe(result), errors.Safe(buf))`
`38`	`39`	`}`
	`40`	`+ msanWrite(buf)`
`39`	`41`	`return nil`
`40`	`42`	`}`
`41`	`43`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ func (z *zstdCompressor) Compress(compressedBuf []byte, b []byte) ([]byte, Setti`
`60`	`60`	`if &result[0] != &compressedBuf[varIntLen] {`
`61`	`61`	`panic("Allocated a new buffer despite checking CompressBound.")`
`62`	`62`	`}`
	`63`	`+ msanWrite(result)`
`63`	`64`
`64`	`65`	`return compressedBuf[:varIntLen+len(result)], Setting{Algorithm: Zstd, Level: uint8(z.level)}`
`65`	`66`	`}`
`@@ -80,8 +81,7 @@ type zstdDecompressor struct {`
`80`	`81`
`81`	`82`	`var _ Decompressor = (*zstdDecompressor)(nil)`
`82`	`83`
`83`		`-// DecompressInto decompresses src with the Zstandard algorithm. The destination`
`84`		`-// buffer must already be sufficiently sized, otherwise DecompressInto may error.`
	`84`	`+// DecompressInto is part of the Decompressor interface.`
`85`	`85`	`func (z *zstdDecompressor) DecompressInto(dst, src []byte) error {`
`86`	`86`	`// The payload is prefixed with a varint encoding the length of`
`87`	`87`	`// the decompressed block.`
`@@ -93,10 +93,14 @@ func (z *zstdDecompressor) DecompressInto(dst, src []byte) error {`
`93`	`93`	`if len(dst) == 0 {`
`94`	`94`	`return errors.Errorf("decodeZstd: empty dst buffer")`
`95`	`95`	`}`
`96`		`- _, err := z.ctx.DecompressInto(dst, src)`
	`96`	`+ n, err := z.ctx.DecompressInto(dst, src)`
`97`	`97`	`if err != nil {`
`98`	`98`	`return err`
`99`	`99`	`}`
	`100`	`+ if n != len(dst) {`
	`101`	`+ return base.CorruptionErrorf("ZSTD decompressed %d bytes, expected %d", n, len(dst))`
	`102`	`+ }`
	`103`	`+ msanWrite(dst)`
`100`	`104`	`return nil`
`101`	`105`	`}`
`102`	`106`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ func (z *zstdCompressor) Compress(compressedBuf, b []byte) ([]byte, Setting) {`
`43`	`43`	`}`
`44`	`44`	`varIntLen := binary.PutUvarint(compressedBuf, uint64(len(b)))`
`45`	`45`	`res := z.encoder.EncodeAll(b, compressedBuf[:varIntLen])`
	`46`	`+ msanWrite(res)`
`46`	`47`	`return res, Setting{Algorithm: Zstd, Level: uint8(z.level)}`
`47`	`48`	`}`
`48`	`49`
`@@ -84,6 +85,7 @@ func (zstdDecompressor) DecompressInto(dst, src []byte) error {`
`84`	`85`	`return base.CorruptionErrorf("pebble/table: decompressed into unexpected buffer: %p != %p",`
`85`	`86`	`errors.Safe(result), errors.Safe(dst))`
`86`	`87`	`}`
	`88`	`+ msanWrite(result)`
`87`	`89`	`return nil`
`88`	`90`	`}`
`89`	`91`