[Tarantool-patches] [PATCH 3/3] box/applier: fix nil dereference in applier rollback

Konstantin Osipov kostja.osipov at gmail.com
Wed Feb 5 01:04:30 MSK 2020


* Cyrill Gorcunov <gorcunov at gmail.com> [20/01/27 10:14]:
> Currently when transaction rollback happens we just drop an existing
> error setting ClientError to the replicaset.applier.diag. This action
> leaves current fiber with diag=nil, which in turn leads to sigsegv once
> diag_raise() is called right after applier_apply_tx():
> 
>  | applier_f
>  |   try {
>  |   applier_subscribe
>  |     applier_apply_tx
>  |       // error happens
>  |       txn_rollback
>  |         diag_set(ClientError, ER_WAL_IO)
>  |         diag_move(&fiber()->diag, &replicaset.applier.diag)
>  |         // fiber->diag = nil
>  |       applier_on_rollback
>  |         diag_add_error(&applier->diag, diag_last_error(&replicaset.applier.diag))
>  |         fiber_cancel(applier->reader);
>  |     diag_raise() -> NULL dereference
>  |   } catch { ... }

Where exactly does the error happen in applier_apply_tx?

Looks like this:

>  |         diag_set(ClientError, ER_WAL_IO)
>  |         diag_move(&fiber()->diag, &replicaset.applier.diag)


overwrites the original error. 

Instead, the original error should be preserved and copied to the
shared diagnostics area (replicaset.applier.error).


-- 
Konstantin Osipov, Moscow, Russia
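
The move-versus-copy behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tarantool code. The `toy_` types and functions are hypothetical stand-ins for the diag API, and the error code 40 is a constructed value.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model: hypothetical stand-ins, not Tarantool's diag API. */
struct toy_error { int refs; int code; };
struct toy_diag { struct toy_error *last; };

static void toy_error_unref(struct toy_error *e) {
	if (e != NULL && --e->refs == 0)
		free(e);
}

/* Set a new error, releasing whatever the area held before. */
static void toy_diag_set(struct toy_diag *d, int code) {
	struct toy_error *e = malloc(sizeof(*e));
	if (e == NULL) abort();
	*e = (struct toy_error){ .refs = 1, .code = code };
	toy_error_unref(d->last);
	d->last = e;
}

/* Move: the destination takes the error, the source is left empty. */
static void toy_diag_move(struct toy_diag *from, struct toy_diag *to) {
	toy_error_unref(to->last);
	to->last = from->last;
	from->last = NULL;
}

/* Copy: both areas reference the same error afterwards. */
static void toy_diag_copy(const struct toy_diag *from, struct toy_diag *to) {
	if (from->last != NULL)
		from->last->refs++;
	toy_error_unref(to->last);
	to->last = from->last;
}

/* Guarded raise: -1 for an empty area instead of a NULL dereference. */
static int toy_diag_raise(const struct toy_diag *d) {
	return d->last != NULL ? d->last->code : -1;
}

int main(void) {
	struct toy_diag fiber = { NULL }, shared = { NULL };
	toy_diag_set(&fiber, 40); /* 40 is a constructed error code */
	toy_diag_move(&fiber, &shared);
	printf("move: fiber=%d shared=%d\n", toy_diag_raise(&fiber), toy_diag_raise(&shared));
	toy_diag_copy(&shared, &fiber);
	printf("copy: fiber=%d shared=%d\n", toy_diag_raise(&fiber), toy_diag_raise(&shared));
	return 0;
}
```

After the move the fiber-local area is empty, so an unguarded raise on it would dereference NULL; after the copy both areas hold the same error.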

