From 9f8f2384c976d0723fd8c7ac8b845cc610a5fef8 Mon Sep 17 00:00:00 2001
From: Bader-eddine Ouaich <49657842+baderouaich@users.noreply.github.com>
Date: Mon, 11 Dec 2023 06:57:27 -0800
Subject: [PATCH] Fix potential buffer overflow (#3146)

Summary: Size of pointer `sub_x` used instead of size of its data. This is likely to lead to a buffer overflow if the user is not lucky enough to be in a x32 bit machine where `sizeof(float*) == sizeof(float)`. You probably intend to write `sizeof(*sub_x)` or `sizeof(float)` ?
Pull Request resolved: https://github.com/facebookresearch/faiss/pull/3146
Reviewed By: mlomeli1
Differential Revision: D51618892
Pulled By: algoriddle
fbshipit-source-id: 82acd98009515e963c547d5c62946f93ef5561b5
---
 faiss/MetaIndexes.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/faiss/MetaIndexes.cpp b/faiss/MetaIndexes.cpp
index 1adc88fb6f..afa9ecc355 100644
--- a/faiss/MetaIndexes.cpp
+++ b/faiss/MetaIndexes.cpp
@@ -96,7 +96,7 @@ void IndexSplitVectors::search(
 for (idx_t i = 0; i < n; i++)
 memcpy(sub_x.get() + i * sub_d,
 x + ofs + i * d,
- sub_d * sizeof(sub_x));
+ sub_d * sizeof(float));
 sub_index->search(n, sub_x.get(), k, distances1, labels1);
 if (index->verbose)
 printf("end query shard %d\n", no);
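Review bot: The byte count on the added `+` line is now correct, but it is derived from the type name `float` rather than from the destination buffer, so if the element type of `sub_x` ever changes the length argument silently drifts out of sync again — the same class of bug this commit fixes. Tying the size to the buffer itself, `sub_d * sizeof(*sub_x.get())`, keeps the two coupled and works regardless of which smart-pointer type `sub_x` is. The allocation of `sub_x` and the computation of `ofs` are outside the hunk, so whether the destination holds at least `n * sub_d` floats and the source read at `x + ofs + i * d` stays within the query buffer cannot be confirmed from here; `IndexSplitVectors::search` begins before the hunk and continues after it.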