[PATCH] vinyl: fix tuple leak in vy_tuple_new

Vladimir Davydov vdavydov.dev at gmail.com
Fri Dec 21 18:40:23 MSK 2018


tuple_format_vtab::tuple_new() callback is supposed to return a tuple
with 0 references, but vinyl implementation returns a tuple with the
reference counter set to 1, effectively leaking the new tuple.

How to reproduce: get a tuple from a vinyl space and update it with
box.tuple.update().

The bug was introduced by commit a377332a7314 ("tuple: fix lost format
on update and upsert operations").
---
 src/box/vy_stmt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/box/vy_stmt.c b/src/box/vy_stmt.c
index 3e60fece..cd1ad505 100644
--- a/src/box/vy_stmt.c
+++ b/src/box/vy_stmt.c
@@ -86,7 +86,12 @@ vy_tuple_new(struct tuple_format *format, const char *data, const char *end)
 	if (tuple_validate_raw(format, data) != 0)
 		return NULL;
 
-	return vy_stmt_new_insert(format, data, end);
+	struct tuple *tuple = vy_stmt_new_insert(format, data, end);
+	if (tuple != NULL) {
+		tuple_bless(tuple);
+		tuple_unref(tuple);
+	}
+	return tuple;
 }
 
 struct tuple_format_vtab vy_tuple_format_vtab = {
-- 
2.11.0




More information about the Tarantool-patches mailing list