From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 241C76EC5E; Sun, 4 Apr 2021 18:07:17 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 241C76EC5E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1617548837; bh=pjDDHHC4kTHhUgCbZpMEJoaMYTgJQwzE5RJHjc1h1NI=; h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=lWZEdFSvrptrfYZlTq8Qp6dVI3MJOZbpj20SYNp8ljpIc1kulxGNZiPRcQwBTAhT/ rxYfHV9ZjGa+e4YHfnAcDeDxZK7wXRjiAc+nSasdM7IEyL+ANdPRbqk9m9hbYSmlcQ 6/vMq79qMIjYve9VYFnA7RuUz0L2nxqTLxxZa1B8= Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id C92A16EC5E for ; Sun, 4 Apr 2021 18:06:46 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org C92A16EC5E Received: by smtpng1.m.smailru.net with esmtpa (envelope-from ) id 1lT4Kr-00088P-V8; Sun, 04 Apr 2021 18:06:46 +0300 To: tarantool-patches@dev.tarantool.org, gorcunov@gmail.com, sergepetrenko@tarantool.org Date: Sun, 4 Apr 2021 17:06:42 +0200 Message-Id: X-Mailer: git-send-email 2.24.3 (Apple Git-128) In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-7564579A: B8F34718100C35BD X-77F55803: 4F1203BC0FB41BD9ED7173E37F4E32941B7C4A78AC10F96A7797F60C25BD4B06182A05F5380850400DEAB6F01C0B5A588B39ABB413D2F4C972230B77B4B5B0F7E959A29178935841 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7DF2546A43F668C04EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637E0FC02D497BF09508638F802B75D45FF914D58D5BE9E6BC131B5C99E7648C95C16EE06F5A270FE6A4FC4D0A43D1E8C1F6ABACD32735C1782A471835C12D1D9774AD6D5ED66289B5278DA827A17800CE767883B903EA3BAEA9FA2833FD35BB23D2EF20D2F80756B5F868A13BD56FB6657A471835C12D1D977725E5C173C3A84C34964A708C60C975A117882F4460429728AD0CFFFB425014E868A13BD56FB6657E2021AF6380DFAD1A18204E546F3947CB11811A4A51E3B096D1867E19FE1407959CC434672EE6371089D37D7C0E48F6C8AA50765F79006374EBA37F70F1BFF76EFF80C71ABB335746BA297DBC24807EABDAD6C7F3747799A X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C4C7A0BC55FA0FE5FC638A2AD621536B38A79F364265FE232B4B2BB803467B48B9B1881A6453793CE9C32612AADDFBE061C61BE10805914D3804EBA3D8E7E5B87ABF8C51168CD8EBDB63AF70AF8205D7DCDC48ACC2A39D04F89CDFB48F4795C241BDAD6C7F3747799A X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D341E2D05735FCBECD1FCBC09A19FD7168E623900DFB33D27B56CD5A95100ED852E20CC3F76E4C7E69F1D7E09C32AA3244CB2336E7C6073D17CE9D697FD201E5DB33C6EB905E3A8056BFACE5A9C96DEB163 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojt47dm/981n4e2HSTtnK3ZQ== X-Mailru-Sender: 689FA8AB762F73936BC43F508A06382252DD08F80C6EBCF499E7BD5AC24A520F3841015FED1DE5223CC9A89AB576DD93FB559BB5D741EB963CF37A108A312F5C27E8A8C3839CE0E267EA787935ED9F1B X-Mras: Ok Subject: [Tarantool-patches] [PATCH 1/2] swim: fix crash on bad member_by_uuid() call X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Vladislav Shpilevoy via Tarantool-patches Reply-To: Vladislav Shpilevoy Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" In Lua swim object's method member_by_uuid() could crash if called with no arguments. UUID was then passed as NULL, and dereferenced. The patch makes member_by_uuid() treat NULL like nil UUID and return NULL (member not found). The reason is that swim_member_by_uuid() can't fail. It can only return a member or not. It never sets a diag error. Closes #5951 --- .../unreleased/swim-member_by_uuid-crash.md | 4 ++++ src/lib/swim/swim.c | 2 ++ test/swim/swim.result | 9 ++++++++ test/swim/swim.test.lua | 3 +++ test/unit/swim.c | 23 ++++++++++++++++++- test/unit/swim.result | 9 +++++++- 6 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/swim-member_by_uuid-crash.md diff --git a/changelogs/unreleased/swim-member_by_uuid-crash.md b/changelogs/unreleased/swim-member_by_uuid-crash.md new file mode 100644 index 000000000..d710aaa73 --- /dev/null +++ b/changelogs/unreleased/swim-member_by_uuid-crash.md @@ -0,0 +1,4 @@ +## bugfix/swim + +* Fix the crash on an attempt to call `swim:member_by_uuid()` with no arguments + or with `nil`/`box.NULL` (gh-5951). diff --git a/src/lib/swim/swim.c b/src/lib/swim/swim.c index 9b5458635..1ecc90414 100644 --- a/src/lib/swim/swim.c +++ b/src/lib/swim/swim.c @@ -2337,6 +2337,8 @@ struct swim_member * swim_member_by_uuid(struct swim *swim, const struct tt_uuid *uuid) { assert(swim_is_configured(swim)); + if (uuid == NULL) + return NULL; return swim_find_member(swim, uuid); } diff --git a/test/swim/swim.result b/test/swim/swim.result index bfc83c143..bab8d20eb 100644 --- a/test/swim/swim.result +++ b/test/swim/swim.result @@ -487,6 +487,15 @@ s1:member_by_uuid(50) - error: 'builtin/swim.lua:: swim:member_by_uuid: expected string UUID or struct tt_uuid' ... +-- gh-5951: could crash with no arguments or NULL. +s1:member_by_uuid() +--- +- null +... +s1:member_by_uuid(box.NULL) +--- +- null +... s1:member_by_uuid(uuid(2)) --- - null diff --git a/test/swim/swim.test.lua b/test/swim/swim.test.lua index 1593d8833..bec8b9cca 100644 --- a/test/swim/swim.test.lua +++ b/test/swim/swim.test.lua @@ -159,6 +159,9 @@ s.is_dropped() s1:member_by_uuid(uuid(1)) ~= nil s1:member_by_uuid(50) +-- gh-5951: could crash with no arguments or NULL. +s1:member_by_uuid() +s1:member_by_uuid(box.NULL) s1:member_by_uuid(uuid(2)) -- UUID can be cdata. diff --git a/test/unit/swim.c b/test/unit/swim.c index a506d04e9..a495f9648 100644 --- a/test/unit/swim.c +++ b/test/unit/swim.c @@ -1071,10 +1071,30 @@ swim_test_suspect_new_members(void) swim_finish_test(); } +static void +swim_test_member_by_uuid(void) +{ + swim_start_test(3); + struct swim_cluster *cluster = swim_cluster_new(1); + + struct swim *s1 = swim_cluster_member(cluster, 0); + const struct swim_member *s1_self = swim_self(s1); + is(swim_member_by_uuid(s1, swim_member_uuid(s1_self)), s1_self, + "found by UUID") + + struct tt_uuid uuid = uuid_nil; + uuid.time_low = 1000; + is(swim_member_by_uuid(s1, &uuid), NULL, "not found by valid UUID"); + is(swim_member_by_uuid(s1, NULL), NULL, "not found by NULL UUID"); + + swim_cluster_delete(cluster); + swim_finish_test(); +} + static int main_f(va_list ap) { - swim_start_test(22); + swim_start_test(23); (void) ap; fakeev_init(); @@ -1102,6 +1122,7 @@ main_f(va_list ap) swim_test_generation(); swim_test_dissemination_speed(); swim_test_suspect_new_members(); + swim_test_member_by_uuid(); fakenet_free(); fakeev_free(); diff --git a/test/unit/swim.result b/test/unit/swim.result index d4b1dba49..e1af4d616 100644 --- a/test/unit/swim.result +++ b/test/unit/swim.result @@ -1,5 +1,5 @@ *** main_f *** -1..22 +1..23 *** swim_test_one_link *** 1..6 ok 1 - no rounds - no fullmesh @@ -225,4 +225,11 @@ ok 21 - subtests ok 2 - S3 didn't add S1 from S2's messages, because S1 didn't answer on a ping ok 22 - subtests *** swim_test_suspect_new_members: done *** + *** swim_test_member_by_uuid *** + 1..3 + ok 1 - found by UUID + ok 2 - not found by valid UUID + ok 3 - not found by NULL UUID +ok 23 - subtests + *** swim_test_member_by_uuid: done *** *** main_f: done *** -- 2.24.3 (Apple Git-128)