Commit dfa0401

persist: Validate full part tiling in unflatten, not just endpoints

Trace::unflatten's check that a spine batch's reconstructed parts cover its
id range only verified the endpoints: the first part starts at the batch
id's lower and the last ends at its upper. A crafted rollup could encode an
outer id [0, 3) tiled by non-contiguous parts [0, 2) and [1, 3): the endpoint
check passes, and Trace::validate also passes because it inspects the outer
SpineBatch ids and descriptions, never the adjacency of a SpineBatch's parts.

That malformed trace would be accepted at decode and panic later in normal
maintenance instead. fueled_merge_reqs_before_ms emits a FueledMergeReq from
the accepted parts, and Compactor::chunk_runs / compact_all (plus the id-range
merge path in apply_merge_res_checked) call id_range on those ids, whose
adjacency check is an assert_eq!. So the hardening still converted a corrupted
durable rollup into a process panic for this invariant.

Validate the full tiling in unflatten: require adjacent parts to be contiguous
in addition to the existing endpoint check, so non-adjacent parts fail with a
decode error. Adds a decode-rejection regression test for the overlapping-parts
vector alongside the existing partless-spine-batch one.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent 3c01721 commit dfa0401
2 files changed
Lines changed: 41 additions & 4 deletions
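The gap between the endpoint-only check and the full tiling check described in the commit message, as an added Rust example that is not code from this commit or from the project. The `Id` type and the function names `endpoints_cover` and `tiles` are hypothetical stand-ins for the project's own types and for `Trace::unflatten`; the sample ranges are constructed from the vector the message describes.

```rust
/// Half-open id range [lower, upper); hypothetical stand-in for a spine id.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Id(pub usize, pub usize);

/// Endpoint-only check: the "before" behaviour the commit message describes.
/// It looks at the first part's lower and the last part's upper, nothing else.
pub fn endpoints_cover(outer: Id, parts: &[Id]) -> Result<(), String> {
    let (first, last) = match (parts.first(), parts.last()) {
        (Some(f), Some(l)) => (f, l),
        _ => return Err(format!("{:?}: batch has no parts", outer)),
    };
    if first.0 != outer.0 || last.1 != outer.1 {
        return Err(format!("{:?}: parts do not span the batch id", outer));
    }
    Ok(())
}

/// Full tiling check: endpoints plus contiguity of every adjacent pair, so
/// overlaps and gaps become a decode error instead of a later assert panic.
pub fn tiles(outer: Id, parts: &[Id]) -> Result<(), String> {
    endpoints_cover(outer, parts)?;
    for pair in parts.windows(2) {
        if pair[0].1 != pair[1].0 {
            return Err(format!(
                "{:?}: parts {:?} and {:?} are not contiguous",
                outer, pair[0], pair[1]
            ));
        }
    }
    Ok(())
}

fn main() {
    let outer = Id(0, 3);
    // Constructed inputs: the overlapping vector from the message, a gap, a valid tiling.
    let cases: [(&str, Vec<Id>); 3] = [
        ("overlap", vec![Id(0, 2), Id(1, 3)]),
        ("gap", vec![Id(0, 1), Id(2, 3)]),
        ("valid", vec![Id(0, 1), Id(1, 3)]),
    ];
    for (name, parts) in &cases {
        println!("{name}: endpoints={:?} tiling={:?}",
                 endpoints_cover(outer, parts), tiles(outer, parts));
    }
}
```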
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2436 | 2436 | | |
2437 | 2437 | | |
2438 | 2438 | | |
2439 | | - | |
| 2439 | + | |
| 2440 | + | |
| 2441 | + | |
| 2442 | + | |
| 2443 | + | |
| 2444 | + | |
| 2445 | + | |
| 2446 | + | |
| 2447 | + | |
| 2448 | + | |
| 2449 | + | |
| 2450 | + | |
| 2451 | + | |
| 2452 | + | |
| 2453 | + | |
| 2454 | + | |
| 2455 | + | |
| 2456 | + | |
| 2457 | + | |
| 2458 | + | |
| 2459 | + | |
| 2460 | + | |
| 2461 | + | |
| 2462 | + | |
| 2463 | + | |
| 2464 | + | |
| 2465 | + | |
| 2466 | + | |
| 2467 | + | |
| 2468 | + | |
| 2469 | + | |
2440 | 2470 | | |
2441 | 2471 | | |
2442 | 2472 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
451 | 451 | | |
452 | 452 | | |
453 | 453 | | |
454 | | - | |
455 | | - | |
| 454 | + | |
| 455 | + | |
| 456 | + | |
| 457 | + | |
| 458 | + | |
| 459 | + | |
| 460 | + | |
| 461 | + | |
456 | 462 | | |
457 | 463 | | |
| 464 | + | |
458 | 465 | | |
459 | 466 | | |
460 | | - | |
| 467 | + | |
461 | 468 | | |
462 | 469 | | |
463 | 470 | | |
| |||