From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.mail.ru (smtp1.mail.ru [94.100.179.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 040C5445320 for ; Thu, 16 Jul 2020 21:16:47 +0300 (MSK) From: Ilya Kosarev Date: Thu, 16 Jul 2020 21:16:39 +0300 Message-Id: <20200716181639.1683-1-i.kosarev@tarantool.org> Subject: [Tarantool-patches] [PATCH] lua: panic on lua_gettop() negative return value List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: imun@tarantool.org Cc: tarantool-patches@dev.tarantool.org According to gh-4649 report it seems to be possible that we are getting segfault on empty diag in iproto_reply_error() due to negative count of dumped entries returned from port_lua_do_dump() in tx_process_call(). It can only happen due to lua_gettop() returning negative value in encode_lua_call(). This should not happen at all, so it is the reason to panic. Closes #4649 --- Branch: https://github.com/tarantool/tarantool/tree/i.kosarev/gh-4649-empty-diag-from-tx_process_call Issue: https://github.com/tarantool/tarantool/issues/4649 @ChangeLog: * Panic in case of critical problem: lua_gettop() returning negative value (gh-4649). src/box/lua/call.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/box/lua/call.c b/src/box/lua/call.c index ca871e077..82ca47cbe 100644 --- a/src/box/lua/call.c +++ b/src/box/lua/call.c @@ -361,6 +361,8 @@ encode_lua_call(lua_State *L) struct luaL_serializer *cfg = luaL_msgpack_default; int size = lua_gettop(port->L); + if (size < 0) + panic("lua_gettop() returned negative value"); for (int i = 1; i <= size; ++i) luamp_encode(port->L, cfg, &stream, i); port->size = size; -- 2.17.1
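Review bot: The `if (size < 0)` check added in encode_lua_call() has no comment, and its panic message omits the value of `size`, so an abort from this path will say less than the commit message does. Consider a one-line comment above the check pointing at gh-4649 and the iproto_reply_error() empty-diag segfault it guards against. If panic() accepts a format string here, also put `size` in the message. The commit message says the negative return "seems to be possible" without naming what corrupts the Lua stack top, so this turns a segfault into a deliberate abort rather than removing the cause. If the condition is reachable from a call request handled in tx_process_call(), the server still goes down, so "Closes #4649" may be premature until the origin is found. The diffstat shows only src/box/lua/call.c changed, with no test or reproducer. It would help to say in the message whether the report could be reproduced.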