Description
There are different keys and different values such that, after the sequence of operations SetBig(k1, v1), SetBig(k2, v2), GetBig(k1), the last GetBig call returns v2. This is definitely unexpected cache behaviour, and it is purely a result of the implementation of fastcache.
This behaviour should either be fixed or clearly documented in the code (and the public method names should perhaps explicitly reflect the guarantees).
Details
fastcache methods for storing large payloads rely heavily on xxhash digests. More precisely, SetBig(k, v) will put the following entries into the underlying cache:
key: k, value: xxhash64(v) || len(v)
key: xxhash64(v) || 0, value: value_block_0
...
key: xxhash64(v) || n, value: value_block_n
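To make this layout concrete, here is a minimal dict-backed model of the scheme (the helper names set_big/get_big are hypothetical, and the first 8 bytes of SHA-256 stand in for xxhash64, which is not in the Python standard library; the real fastcache uses much larger blocks):

```python
import hashlib

BLOCK_SIZE = 4  # tiny block size for illustration only


def h64(data: bytes) -> bytes:
    # Stand-in for xxhash64: first 8 bytes of SHA-256.
    return hashlib.sha256(data).digest()[:8]


def set_big(cache: dict, k: bytes, v: bytes) -> None:
    # Index entry: key -> value digest || value length.
    cache[k] = h64(v) + len(v).to_bytes(8, "big")
    # Data entries: value digest || block index -> value block.
    for i in range(0, len(v), BLOCK_SIZE):
        cache[h64(v) + (i // BLOCK_SIZE).to_bytes(8, "big")] = v[i:i + BLOCK_SIZE]


def get_big(cache: dict, k: bytes) -> bytes:
    digest, length = cache[k][:8], int.from_bytes(cache[k][8:], "big")
    n_blocks = (length + BLOCK_SIZE - 1) // BLOCK_SIZE
    blocks = [cache[digest + i.to_bytes(8, "big")] for i in range(n_blocks)]
    return b"".join(blocks)[:length]


cache = {}
set_big(cache, b"k1", b"hello big value")
print(get_big(cache, b"k1"))  # round-trips the stored value
```

Note that the data entries are addressed purely by the digest of the value, not by the user key; that is the root of the problem described below.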
As xxhash is not a cryptographically strong hash function, it is fairly easy to create several different byte sequences of the same length with the same digest. In this case we can encounter very bad cache behaviour, where SetBig(k2, v2) overwrites the value previously written by SetBig(k1, v1).
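Producing real xxhash64 collisions requires reversing the hash, so the following sketch models the consequence instead, using a deliberately collision-prone stand-in digest (it depends only on the payload length, mimicking two crafted payloads with equal xxhash64 digests and equal lengths):

```python
BLOCK_SIZE = 4  # tiny block size for illustration only


def weak_h64(data: bytes) -> bytes:
    # Deliberately weak stand-in for xxhash64: any two equal-length
    # payloads collide, modelling crafted xxhash collisions.
    return len(data).to_bytes(8, "big")


def set_big(cache: dict, k: bytes, v: bytes) -> None:
    cache[k] = weak_h64(v) + len(v).to_bytes(8, "big")
    for i in range(0, len(v), BLOCK_SIZE):
        cache[weak_h64(v) + (i // BLOCK_SIZE).to_bytes(8, "big")] = v[i:i + BLOCK_SIZE]


def get_big(cache: dict, k: bytes) -> bytes:
    digest, length = cache[k][:8], int.from_bytes(cache[k][8:], "big")
    n_blocks = (length + BLOCK_SIZE - 1) // BLOCK_SIZE
    return b"".join(cache[digest + i.to_bytes(8, "big")] for i in range(n_blocks))[:length]


cache = {}
set_big(cache, b"k1", b"AAAAAAAA")  # v1
set_big(cache, b"k2", b"BBBBBBBB")  # v2: colliding digest, same length
print(get_big(cache, b"k1"))  # b'BBBBBBBB' -- k1 silently returns v2
```

The second SetBig reuses the same block keys (digest || index), so it overwrites v1's blocks while k1's index entry still points at that digest.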
Consider the following test, which was created by reversing the xxhash function (more specifically, we can reverse a single round and then, for any two different payloads b1 and b2, append 32 bytes to each of them to make the internal state of xxhash identical in both cases):
Unfortunately, I don't know of an easy fix for this issue. One option is to use k || block_index as the block key instead of xxhash(v) || block_index, which provides stronger guarantees (clashes between different keys become impossible with this scheme), although concurrent updates of a single key could still produce a "mix" of blocks from different calls. This change may also degrade performance a bit, but given that keys are usually small, the overhead should be negligible.
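A sketch of that alternative scheme, under the same dict-backed model and hypothetical helper names as above, shows that equal-length (colliding) values no longer interfere across keys:

```python
BLOCK_SIZE = 4  # tiny block size for illustration only


def set_big(cache: dict, k: bytes, v: bytes) -> None:
    # Index entry stores only the length; no value digest is needed.
    cache[k] = len(v).to_bytes(8, "big")
    for i in range(0, len(v), BLOCK_SIZE):
        # Block key derived from the user key, not from the value digest.
        # (A real implementation should length-prefix k so that one key
        # cannot be a prefix of another key's block keys.)
        cache[k + (i // BLOCK_SIZE).to_bytes(8, "big")] = v[i:i + BLOCK_SIZE]


def get_big(cache: dict, k: bytes) -> bytes:
    length = int.from_bytes(cache[k], "big")
    n_blocks = (length + BLOCK_SIZE - 1) // BLOCK_SIZE
    return b"".join(cache[k + i.to_bytes(8, "big")] for i in range(n_blocks))[:length]


cache = {}
set_big(cache, b"k1", b"AAAAAAAA")
set_big(cache, b"k2", b"BBBBBBBB")
print(get_big(cache, b"k1"))  # b'AAAAAAAA' -- no cross-key overwrite
```

As noted above, this only rules out cross-key clashes; a torn "mix" of blocks from two concurrent SetBig calls on the same key remains possible.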
Still, I suggest at least adding an explicit warning to the documentation, which will help users of the library make correct decisions about fastcache usage (this issue can be critical when fastcache is used to store sensitive data, e.g. session information for a web application or something similar).
sivukhin changed the title from "fastcache SetBig correctness" to "bigcache GetBig/SetBig methods correctness issue" on Mar 14, 2024
sivukhin changed the title from "bigcache GetBig/SetBig methods correctness issue" to "bigcache GetBig/SetBig methods correctness bug" on Mar 14, 2024