[Tarantool-patches] [PATCH] lua: panic on lua_gettop() negative return value
sergos at tarantool.org
Fri Jul 17 11:34:30 MSK 2020
Hi!
Thanks for the patch!
LGTM.
Sergos
> On 16 Jul 2020, at 21:16, Ilya Kosarev <i.kosarev at tarantool.org> wrote:
>
> According to gh-4649 report it seems to be possible that we are getting
> segfault on empty diag in iproto_reply_error() due to negative count of
> dumped entries returned from port_lua_do_dump() in tx_process_call().
> It can only happen due to lua_gettop() returning negative value in
> encode_lua_call(). This should not happen at all, so it is the reason
> to panic.
>
> Closes #4649
> ---
> Branch: https://github.com/tarantool/tarantool/tree/i.kosarev/gh-4649-empty-diag-from-tx_process_call
> Issue: https://github.com/tarantool/tarantool/issues/4649
>
> @ChangeLog:
> * Panic in case of critical problem: lua_gettop() returning negative
> value (gh-4649).
>
> src/box/lua/call.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/box/lua/call.c b/src/box/lua/call.c
> index ca871e077..82ca47cbe 100644
> --- a/src/box/lua/call.c
> +++ b/src/box/lua/call.c
> @@ -361,6 +361,8 @@ encode_lua_call(lua_State *L)
>
> struct luaL_serializer *cfg = luaL_msgpack_default;
> int size = lua_gettop(port->L);
> + if (size < 0)
> + panic("lua_gettop() returned negative value");
> for (int i = 1; i <= size; ++i)
> luamp_encode(port->L, cfg, &stream, i);
> port->size = size;
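Review bot: the panic message at the new `if (size < 0)` check records neither the value that was returned nor where it happened, so a crash report from this path will add little to what gh-4649 already has. Consider including `size` and the function name (encode_lua_call) in the message, assuming panic() takes a printf-style format. A negative stack top here points at a corrupted or misused `port->L`, which this check detects but does not explain. A short comment above the check saying why the value can never be negative in a healthy state would help the next reader. It is also worth reconsidering whether "Closes #4649" is appropriate while the root cause is still unknown.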
> --
> 2.17.1
>