Skip to content

Replace byte buffer with sector buffer #388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
n8mgr merged 3 commits into from
Jan 20, 2026
Merged

Replace byte buffer with sector buffer #388

n8mgr merged 3 commits into from
Jan 20, 2026

Conversation

@ChrisSchinnerl
Copy link
Member

@ChrisSchinnerl ChrisSchinnerl commented Jan 20, 2026

While our current implementation is theoretically safe it is quite fragile.

bytes.NewBuffer explicitly states to not reuse its input afterwards which is something we do. So if the buffer's implementation changes or some edge case triggers a realloc of the underlying slice, sector might contain corrupted data without us knowing it.

sectorBuffer is a drop-in replacement that makes this impossible and easier to reason about.

@ChrisSchinnerl ChrisSchinnerl self-assigned this Jan 20, 2026
@github-project-automation github-project-automation bot moved this to In Progress in Sia Jan 20, 2026
@ChrisSchinnerl ChrisSchinnerl marked this pull request as ready for review January 20, 2026 13:53
Copilot AI review requested due to automatic review settings January 20, 2026 13:53
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces the use of bytes.NewBuffer with a custom sectorBuffer implementation in the handleRPCWriteSector function to prevent potential data corruption. The change addresses a fragility issue where bytes.NewBuffer explicitly states not to reuse its input, which the code was doing by passing the same sector array to StoreSector after buffering.

Changes:

  • Introduced a custom sectorBuffer type that implements io.Writer for safer sector data streaming
  • Replaced bytes.NewBuffer(sector[:0]) with newSectorBuffer(&sector) in handleRPCWriteSector
  • Added changeset documentation for the patch-level change

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
rhp/v4/server.go Replaced bytes.NewBuffer with custom sectorBuffer implementation and added the sectorBuffer type definition with its Write method and constructor
.changeset/use_custom_sectorbuffer_rather_than_bytesbuffer_in_handlerpcwritesector.md Added changeset documentation for the patch-level change

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

chris124567
chris124567 previously approved these changes Jan 20, 2026
View reviewed changes
n8mgr
n8mgr requested changes Jan 20, 2026
View reviewed changes
Copy link
Member

@n8mgr n8mgr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a reasonable defensive change, but it doesn't address the other half of the ownership problem which is significantly more likely to bite us in the ass. We have tests that read a full sector without reallocating. A change to stdlib that broke this code would fail our tests first. As-is this is slightly less fragile while still being very fragile.

Can you take this further and enforce ownership of the backing array too? Otherwise, this seems unnecessary.

@ChrisSchinnerl
Copy link
Member Author

ChrisSchinnerl commented Jan 20, 2026

This is a reasonable defensive change, but it doesn't address the other half of the ownership problem which is significantly more likely to bite us in the ass. We have tests that read a full sector without reallocating. A change to stdlib that broke this code would fail our tests first. As-is this is slightly less fragile while still being very fragile.

Can you take this further and enforce ownership of the backing array too? Otherwise, this seems unnecessary.

I pushed a little change. Not sure if that is what you had in mind regarding "ownership" but I just thought about all the ways the Rust borrow checker would hate us for that code and this is what I came up with.

@n8mgr
Copy link
Member

n8mgr commented Jan 20, 2026

That is pretty much exactly what I had in mind lol

@n8mgr n8mgr merged commit ff3cac4 into master Jan 20, 2026
13 checks passed
@n8mgr n8mgr deleted the chris/sector-buffer branch January 20, 2026 23:38
@github-project-automation github-project-automation bot moved this from In Progress to Done in Sia Jan 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@n8mgr n8mgr n8mgr approved these changes

Copilot code review Copilot Copilot left review comments

@chris124567 chris124567 Awaiting requested review from chris124567

Assignees

@ChrisSchinnerl ChrisSchinnerl

Labels

None yet

Projects

Sia
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ChrisSchinnerl @n8mgr @chris124567