[Tarantool-patches] [PATCH 2/3] merger: fix NULL dereference when called via iproto
Alexander Turenko
alexander.turenko at tarantool.org
Wed Jun 17 20:53:39 MSK 2020
> > Usage of the fiber-local Lua state is not quite correct now: merge
> > source code may leave garbage on a stack in case of failures (like
>
> 1. merge -> merger.
I use the term 'merge source' for sources; we agreed on it with Vladimir D.
when the merger was designed. Removed 'code' so as not to confuse a reader:
'merge source code' -> 'a merge source'.
> > + struct lua_State *L = luaT_newthread(tarantool_L);
> > + if (L == NULL)
> > + return NULL;
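Review bot: the 'return NULL' under 'if (L == NULL)' propagates the failure without setting a diag itself, so it is only correct if luaT_newthread() always sets one before returning NULL. A short comment above the check stating that contract would make this verifiable at the call site, since a caller that turns a NULL result into a Lua error will read the diag.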
>
> 2. luaT_newthread() does not set a diag. That may lead to a crash,
> because as far as I see, this function may be called from
> lbox_merge_source_gen() indirectly, somewhere deep in the callstack.
> And it calls luaT_error() when merge_source_next() fails.
As I see it, it is not so.
luaT_newthread_wrapper() may raise a Lua error (only 'not enough memory'
I guess), luaT_cpcall() calls luaT_toerror() in this case, which invokes
diag_set(LuajitError, <...>).
Am I missing something?