Skip to content

Commit

Permalink
Fix potential buffer overflow (facebookresearch#3146)
Browse files Browse the repository at this point in the history
Summary:
Size of pointer `sub_x` used instead of size of its data. This is likely to lead to a buffer overflow if the user is not lucky enough to be in a x32 bit machine where `sizeof(float*) == sizeof(float)`.
You probably intend to write `sizeof(*sub_x)` or `sizeof(float)` ?

Pull Request resolved: facebookresearch#3146

Reviewed By: mlomeli1

Differential Revision: D51618892

Pulled By: algoriddle

fbshipit-source-id: 82acd98009515e963c547d5c62946f93ef5561b5
  • Loading branch information
baderouaich authored and facebook-github-bot committed Dec 11, 2023
1 parent 9107035 commit 9f8f238
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion faiss/MetaIndexes.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ void IndexSplitVectors::search(
for (idx_t i = 0; i < n; i++)
memcpy(sub_x.get() + i * sub_d,
x + ofs + i * d,
sub_d * sizeof(sub_x));
sub_d * sizeof(float));
sub_index->search(n, sub_x.get(), k, distances1, labels1);
if (index->verbose)
printf("end query shard %d\n", no);
Expand Down

0 comments on commit 9f8f238

Please sign in to comment.