[Tarantool-patches] [PATCH 2/2] box: fix uninitialized access to version_id in process_subscribe()

Serge Petrenko sergepetrenko at tarantool.org
Mon Aug 30 13:33:48 MSK 2021


version_id might be left uninitialized if replica doesn't send it in a
SUBSCRIBE request.

This could lead to unpredictable behaviour: for example, master would
randomly choose between sending and not sending Raft state to the
replica.

We were safe until now, because replicas send their version in subscribe
request since at least version 1.7.5.

Try not to depend on replica sending us its version, better always be
safe.

Follow-up #6034
---
 src/box/box.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/box/box.cc b/src/box/box.cc
index 2c8113cbb..f98437d05 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -2850,8 +2850,8 @@ box_process_subscribe(struct ev_io *io, struct xrow_header *header)
 	struct tt_uuid replica_uuid = uuid_nil;
 	struct tt_uuid peer_replicaset_uuid = uuid_nil;
 	struct vclock replica_clock;
-	uint32_t replica_version_id;
 	vclock_create(&replica_clock);
+	uint32_t replica_version_id = 0;
 	bool anon;
 	uint32_t id_filter;
 	xrow_decode_subscribe_xc(header, &peer_replicaset_uuid, &replica_uuid,
-- 
2.30.1 (Apple Git-130)



More information about the Tarantool-patches mailing list