From: "sergos@tarantool.org"
To: Ilya Kosarev
Cc: tarantool-patches@dev.tarantool.org
Date: Fri, 17 Jul 2020 11:34:30 +0300
Subject: Re: [Tarantool-patches] [PATCH] lua: panic on lua_gettop() negative return value
Message-Id: <889FF334-DDF6-44BD-8434-9C007079CDCE@tarantool.org>
In-Reply-To: <20200716181639.1683-1-i.kosarev@tarantool.org>

Hi!

Thanks for the patch!

LGTM.

Sergos

> On 16 Jul 2020, at 21:16, Ilya Kosarev wrote:
>
> According to gh-4649 report it seems to be possible that we are getting
> segfault on empty diag in iproto_reply_error() due to negative count of
> dumped entries returned from port_lua_do_dump() in tx_process_call().
> It can only happen due to lua_gettop() returning negative value in
> encode_lua_call(). This should not happen at all, so it is the reason
> to panic.
>
> Closes #4649
> ---
> Branch: https://github.com/tarantool/tarantool/tree/i.kosarev/gh-4649-empty-diag-from-tx_process_call
> Issue: https://github.com/tarantool/tarantool/issues/4649
>
> @ChangeLog:
> * Panic in case of critical problem: lua_gettop() returning negative
> value (gh-4649).
>
> src/box/lua/call.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/box/lua/call.c b/src/box/lua/call.c > index ca871e077..82ca47cbe 100644 > --- a/src/box/lua/call.c > +++ b/src/box/lua/call.c
> @@ -361,6 +361,8 @@ encode_lua_call(lua_State *L) >=20 > struct luaL_serializer *cfg =3D luaL_msgpack_default; > int size =3D lua_gettop(port->L); > + if (size < 0) > + panic("lua_gettop() returned negative value"); > for (int i =3D 1; i <=3D size; ++i) > luamp_encode(port->L, cfg, &stream, i); > port->size =3D size; > --=20 > 2.17.1 >=20
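Review bot: In encode_lua_call(), the new `if (size < 0)` branch panics with a fixed string and no state, so a crash report from this path will carry little more information than the gh-4649 segfault did. Consider putting the returned value into the message (for example `panic("lua_gettop() returned negative value: %d", size)`, assuming panic() takes a printf-style format) and adding a one-line comment above the check that points at gh-4649, since a reader will otherwise wonder why a condition that "should not happen at all" is tested. The commit message itself says the negative count only "seems to be possible", so the cause of the inconsistent Lua stack is still open: the check moves the failure from iproto_reply_error() to a deterministic point, but the process still terminates while serving a call request, and the issue should probably stay tracked until the cause is found. The diffstat shows only src/box/lua/call.c changed, so no test accompanies the check; if the condition cannot be reproduced, saying so in the commit message would help.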