[Tarantool-patches] [PATCH 1/1] app: handle concatenated argv name-value correctly

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Wed Feb 19 02:08:15 MSK 2020 

The server used to crash when any option argument was passed with
a value concatenated to it, like this: '-lvalue', '-evalue'
instead of '-l value' and '-e value'.

However this is a valid way of writing values, and it should not
have crashed regardless of its validity.

The bug was in usage of 'optind' global variable from getopt()
function family. It is not supposed to be used for getting an
option's value. It points to a next argv to parse. Next argv !=
value of current argv, like it was with '-lvalue' and '-evalue'.

For getting a current value there is a variable 'optarg'.

Closes #4775
---
Branch: https://github.com/tarantool/tarantool/tree/gerold103/gh-4775-crash-on-l-e-opts
Issue: https://github.com/tarantool/tarantool/issues/4775

@ChangeLog
- Fixed crash at attempt to use -e and -l command line options
  concatenated with their values, like this: -eprint(100)
  (gh-4775).

 src/lua/init.c                           |  4 ++--
 src/lua/init.h                           |  2 +-
 src/main.cc                              | 13 +++++--------
 test/app/gh-4775-crash-args-l-e.result   | 15 +++++++++++++++
 test/app/gh-4775-crash-args-l-e.test.lua |  6 ++++++
 5 files changed, 29 insertions(+), 11 deletions(-)
 create mode 100644 test/app/gh-4775-crash-args-l-e.result
 create mode 100644 test/app/gh-4775-crash-args-l-e.test.lua

diff --git a/src/lua/init.c b/src/lua/init.c
index 097dd8495..28b6b2d62 100644
--- a/src/lua/init.c
+++ b/src/lua/init.c
@@ -557,7 +557,7 @@ run_script_f(va_list ap)
 	const char *path = va_arg(ap, const char *);
 	bool interactive = va_arg(ap, int);
 	int optc = va_arg(ap, int);
-	char **optv = va_arg(ap, char **);
+	const char **optv = va_arg(ap, const char **);
 	int argc = va_arg(ap, int);
 	char **argv = va_arg(ap, char **);
 	/*
@@ -660,7 +660,7 @@ error:
 
 int
 tarantool_lua_run_script(char *path, bool interactive,
-			 int optc, char **optv, int argc, char **argv)
+			 int optc, const char **optv, int argc, char **argv)
 {
 	const char *title = path ? basename(path) : "interactive";
 	/*
diff --git a/src/lua/init.h b/src/lua/init.h
index 507360738..7fc0b1a31 100644
--- a/src/lua/init.h
+++ b/src/lua/init.h
@@ -72,7 +72,7 @@ tarantool_lua_free();
  */
 int
 tarantool_lua_run_script(char *path, bool force_interactive,
-			 int optc, char **optv,
+			 int optc, const char **optv,
 			 int argc, char **argv);
 
 extern char *history;
diff --git a/src/main.cc b/src/main.cc
index e674d85b1..9d1450523 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -722,7 +722,7 @@ main(int argc, char **argv)
 	bool interactive = false;
 	/* Lua interpeter options, e.g. -e and -l */
 	int optc = 0;
-	char **optv = NULL;
+	const char **optv = NULL;
 	auto guard = make_scoped_guard([=]{ if (optc) free(optv); });
 
 	static struct option longopts[] = {
@@ -750,16 +750,13 @@ main(int argc, char **argv)
 		case 'e':
 			/* Save Lua interepter options to optv as is */
 			if (optc == 0) {
-				optv = (char **) calloc(argc, sizeof(char *));
+				optv = (const char **) calloc(argc,
+							      sizeof(optv[0]));
 				if (optv == NULL)
 					panic_syserror("No enough memory for arguments");
 			}
-			/*
-			 * The variable optind is the index of the next
-			 * element to be processed in argv.
-			 */
-			optv[optc++] = argv[optind - 2];
-			optv[optc++] = argv[optind - 1];
+			optv[optc++] = ch == 'l' ? "-l" : "-e";
+			optv[optc++] = optarg;
 			break;
 		default:
 			/* "invalid option" is printed by getopt */
diff --git a/test/app/gh-4775-crash-args-l-e.result b/test/app/gh-4775-crash-args-l-e.result
new file mode 100644
index 000000000..eff1ee763
--- /dev/null
+++ b/test/app/gh-4775-crash-args-l-e.result
@@ -0,0 +1,15 @@
+-- test-run result file version 2
+--
+-- gh-4775: crash on option concatenated with value.
+--
+child = io.popen('tarantool -e"print(100) os.exit()"')
+ | ---
+ | ...
+child:read()
+ | ---
+ | - '100'
+ | ...
+child:close()
+ | ---
+ | - true
+ | ...
diff --git a/test/app/gh-4775-crash-args-l-e.test.lua b/test/app/gh-4775-crash-args-l-e.test.lua
new file mode 100644
index 000000000..1cccb78a4
--- /dev/null
+++ b/test/app/gh-4775-crash-args-l-e.test.lua
@@ -0,0 +1,6 @@
+--
+-- gh-4775: crash on option concatenated with value.
+--
+child = io.popen('tarantool -e"print(100) os.exit()"')
+child:read()
+child:close()
-- 
2.21.1 (Apple Git-122.3)

More information about the Tarantool-patches mailing list