From: Nikita Pettik <korablev@tarantool.org>
To: tarantool-patches@dev.tarantool.org
Cc: v.shpilevoy@tarantool.org
Subject: [Tarantool-patches] [PATCH v3 0/3] vinyl: fix uninitialized memory accesses
Date: Mon, 27 Apr 2020 03:52:13 +0300 [thread overview]
Message-ID: <cover.1587948306.git.korablev@tarantool.org> (raw)
Branch: https://github.com/tarantool/tarantool/commits/np/gh-4864-access-to-uninit-mem
Issue: https://github.com/tarantool/tarantool/issues/4864
Changes in v2:
- replaced error injection ERRINJ_VY_MAX_TUPLE_SIZE with
ERRINJ_VY_STMT_ALLOC (i.e. now vy_stmt_alloc() fails not due to exceed
max size, but owing to allocation failure);
- found another one use-after-free bug in case vy_read_view_merge()
fails. Fix is merged into second patch;
- added ERRINJ_VY_READ_VIEW_MERGE_FAIL to provide test case in
case of vy_read_view_merge() failure;
- fixed test covering second bug: error injection value accidentally
was set to a wrong value (bad copy-paste).
Changes in v3:
- instead of nullifing read views (which may lead to tuple leaks), let's
call proper finalizing routine vy_read_view_stmt_destroy();
- found another one possible crash due to extra tuple format unref
in case of failed compaction; fix to that is introduced in third patch
in series.
@ChangeLog:
* Fixed crash during compaction due to tuples with size exceeding
vinyl_max_tuple_size setting.
Nikita Pettik (3):
vinyl: init all vars before cleanup in vy_lsm_split_range()
vinyl: clean-up unprocessed read views in *_build_read_views()
vinyl: clean-up write iterator if vy_task_write_run() fails
src/box/vy_lsm.c | 4 +-
src/box/vy_scheduler.c | 4 +-
src/box/vy_stmt.c | 10 +
src/box/vy_write_iterator.c | 32 +-
src/errinj.h | 3 +
test/box/errinj.result | 3 +
.../gh-4864-stmt-alloc-fail-compact.result | 333 ++++++++++++++++++
.../gh-4864-stmt-alloc-fail-compact.test.lua | 152 ++++++++
test/vinyl/suite.ini | 2 +-
9 files changed, 536 insertions(+), 7 deletions(-)
create mode 100644 test/vinyl/gh-4864-stmt-alloc-fail-compact.result
create mode 100644 test/vinyl/gh-4864-stmt-alloc-fail-compact.test.lua
--
2.17.1
next reply other threads:[~2020-04-27 0:52 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-27 0:52 Nikita Pettik [this message]
2020-04-27 0:52 ` [Tarantool-patches] [PATCH v3 1/3] vinyl: init all vars before cleanup in vy_lsm_split_range() Nikita Pettik
2020-05-06 9:04 ` Aleksandr Lyapunov
2020-05-06 13:12 ` Nikita Pettik
2020-05-06 17:52 ` Aleksandr Lyapunov
2020-05-07 1:09 ` Nikita Pettik
2020-04-27 0:52 ` [Tarantool-patches] [PATCH v3 2/3] vinyl: clean-up unprocessed read views in *_build_read_views() Nikita Pettik
2020-05-06 9:56 ` Aleksandr Lyapunov
2020-05-07 0:29 ` Nikita Pettik
2020-05-07 8:44 ` Aleksandr Lyapunov
2020-05-07 12:28 ` Nikita Pettik
2020-04-27 0:52 ` [Tarantool-patches] [PATCH v3 3/3] vinyl: clean-up write iterator if vy_task_write_run() fails Nikita Pettik
2020-05-01 0:55 ` Vladislav Shpilevoy
2020-05-03 9:22 ` Konstantin Osipov
2020-05-07 0:38 ` Nikita Pettik
2020-05-06 10:37 ` Aleksandr Lyapunov
2020-05-07 0:36 ` Nikita Pettik
2020-05-07 7:53 ` Aleksandr Lyapunov
2020-05-07 22:16 ` Nikita Pettik
2020-05-08 16:29 ` Aleksandr Lyapunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1587948306.git.korablev@tarantool.org \
--to=korablev@tarantool.org \
--cc=tarantool-patches@dev.tarantool.org \
--cc=v.shpilevoy@tarantool.org \
--subject='Re: [Tarantool-patches] [PATCH v3 0/3] vinyl: fix uninitialized memory accesses' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox