[Tarantool-patches] [PATCH 3/3] box/applier: fix nil dereference in applier rollback
Konstantin Osipov
kostja.osipov at gmail.com
Wed Feb 5 01:04:30 MSK 2020
* Cyrill Gorcunov <gorcunov at gmail.com> [20/01/27 10:14]:
> Currently when transaction rollback happens we just drop an existing
> error setting ClientError to the replicaset.applier.diag. This action
> leaves current fiber with diag=nil, which in turn leads to sigsegv once
> diag_raise() called right after applier_apply_tx():
>
> | applier_f
> | try {
> | applier_subscribe
> | applier_apply_tx
> | // error happens
> | txn_rollback
> | diag_set(ClientError, ER_WAL_IO)
> | diag_move(&fiber()->diag, &replicaset.applier.diag)
> | // fiber->diag = nil
> | applier_on_rollback
> | diag_add_error(&applier->diag, diag_last_error(&replicaset.applier.diag)
> | fiber_cancel(applier->reader);
> | diag_raise() -> NULL dereference
> | } catch { ... }
Where exactly does the error happen in applier_apply_tx?
Looks like this:
> | diag_set(ClientError, ER_WAL_IO)
> | diag_move(&fiber()->diag, &replicaset.applier.diag)
overwrites the original error.
Instead, the original error should be preserved and copied to the
shared diagnostics area (replicaset.applier.error).
--
Konstantin Osipov, Moscow, Russia
More information about the Tarantool-patches
mailing list