[Tarantool-patches] [PATCH] lua: panic on lua_gettop() negative return value

sergos at tarantool.org
Fri Jul 17 11:34:30 MSK 2020


Hi!

Thanks for the patch!
LGTM.

Sergos

> On 16 Jul 2020, at 21:16, Ilya Kosarev <i.kosarev at tarantool.org> wrote:
> 
> According to gh-4649 report it seems to be possible that we are getting
> segfault on empty diag in iproto_reply_error() due to negative count of
> dumped entries returned from port_lua_do_dump() in tx_process_call().
> It can only happen due to lua_gettop() returning negative value in
> encode_lua_call(). This should not happen at all, so it is the reason
> to panic.
> 
> Closes #4649
> ---
> Branch: https://github.com/tarantool/tarantool/tree/i.kosarev/gh-4649-empty-diag-from-tx_process_call
> Issue: https://github.com/tarantool/tarantool/issues/4649
> 
> @ChangeLog:
> * Panic in case of critical problem: lua_gettop() returning negative
> value (gh-4649).
> 
> src/box/lua/call.c | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/src/box/lua/call.c b/src/box/lua/call.c
> index ca871e077..82ca47cbe 100644
> --- a/src/box/lua/call.c
> +++ b/src/box/lua/call.c
> @@ -361,6 +361,8 @@ encode_lua_call(lua_State *L)
> 
> 	struct luaL_serializer *cfg = luaL_msgpack_default;
> 	int size = lua_gettop(port->L);
> +	if (size < 0)
> +		panic("lua_gettop() returned negative value");
> 	for (int i = 1; i <= size; ++i)
> 		luamp_encode(port->L, cfg, &stream, i);
> 	port->size = size;
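Review bot: The panic message in the added "if (size < 0)" branch drops the value that lua_gettop(port->L) returned. The commit message says this "should not happen at all", so that value is the main clue available when the check fires. Consider including size in the message (for example "lua_gettop() returned negative value: %d", assuming panic() takes a format string), and add a one-line comment above the check that points to gh-4649, so the reason for guarding the call is recorded next to the code. The guard also sits only in encode_lua_call(), while the commit message describes the negative count surfacing through port_lua_do_dump() in tx_process_call(); it is worth stating in the commit message whether any other path that sets port->size needs the same check.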
> -- 
> 2.17.1
> 


