From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 241C76EC5E;
	Sun,  4 Apr 2021 18:07:17 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 241C76EC5E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1617548837; bh=pjDDHHC4kTHhUgCbZpMEJoaMYTgJQwzE5RJHjc1h1NI=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=lWZEdFSvrptrfYZlTq8Qp6dVI3MJOZbpj20SYNp8ljpIc1kulxGNZiPRcQwBTAhT/
	 rxYfHV9ZjGa+e4YHfnAcDeDxZK7wXRjiAc+nSasdM7IEyL+ANdPRbqk9m9hbYSmlcQ
	 6/vMq79qMIjYve9VYFnA7RuUz0L2nxqTLxxZa1B8=
Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id C92A16EC5E
 for <tarantool-patches@dev.tarantool.org>;
 Sun,  4 Apr 2021 18:06:46 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org C92A16EC5E
Received: by smtpng1.m.smailru.net with esmtpa (envelope-from
 <v.shpilevoy@tarantool.org>)
 id 1lT4Kr-00088P-V8; Sun, 04 Apr 2021 18:06:46 +0300
To: tarantool-patches@dev.tarantool.org, gorcunov@gmail.com,
 sergepetrenko@tarantool.org
Date: Sun,  4 Apr 2021 17:06:42 +0200
Message-Id: <ee347bd2d6e5f0b84ef65883d92aac8c0c7e6ba0.1617548717.git.v.shpilevoy@tarantool.org>
X-Mailer: git-send-email 2.24.3 (Apple Git-128)
In-Reply-To: <cover.1617548717.git.v.shpilevoy@tarantool.org>
References: <cover.1617548717.git.v.shpilevoy@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-7564579A: B8F34718100C35BD
X-77F55803: 4F1203BC0FB41BD9ED7173E37F4E32941B7C4A78AC10F96A7797F60C25BD4B06182A05F5380850400DEAB6F01C0B5A588B39ABB413D2F4C972230B77B4B5B0F7E959A29178935841
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7DF2546A43F668C04EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637E0FC02D497BF09508638F802B75D45FF914D58D5BE9E6BC131B5C99E7648C95C16EE06F5A270FE6A4FC4D0A43D1E8C1F6ABACD32735C1782A471835C12D1D9774AD6D5ED66289B5278DA827A17800CE767883B903EA3BAEA9FA2833FD35BB23D2EF20D2F80756B5F868A13BD56FB6657A471835C12D1D977725E5C173C3A84C34964A708C60C975A117882F4460429728AD0CFFFB425014E868A13BD56FB6657E2021AF6380DFAD1A18204E546F3947CB11811A4A51E3B096D1867E19FE1407959CC434672EE6371089D37D7C0E48F6C8AA50765F79006374EBA37F70F1BFF76EFF80C71ABB335746BA297DBC24807EABDAD6C7F3747799A
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C4C7A0BC55FA0FE5FC638A2AD621536B38A79F364265FE232B4B2BB803467B48B9B1881A6453793CE9C32612AADDFBE061C61BE10805914D3804EBA3D8E7E5B87ABF8C51168CD8EBDB63AF70AF8205D7DCDC48ACC2A39D04F89CDFB48F4795C241BDAD6C7F3747799A
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D341E2D05735FCBECD1FCBC09A19FD7168E623900DFB33D27B56CD5A95100ED852E20CC3F76E4C7E69F1D7E09C32AA3244CB2336E7C6073D17CE9D697FD201E5DB33C6EB905E3A8056BFACE5A9C96DEB163
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojt47dm/981n4e2HSTtnK3ZQ==
X-Mailru-Sender: 689FA8AB762F73936BC43F508A06382252DD08F80C6EBCF499E7BD5AC24A520F3841015FED1DE5223CC9A89AB576DD93FB559BB5D741EB963CF37A108A312F5C27E8A8C3839CE0E267EA787935ED9F1B
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH 1/2] swim: fix crash on bad
 member_by_uuid() call
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Vladislav Shpilevoy via Tarantool-patches
 <tarantool-patches@dev.tarantool.org>
Reply-To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

In Lua swim object's method member_by_uuid() could crash if called
with no arguments. UUID was then passed as NULL, and dereferenced.

The patch makes member_by_uuid() treat NULL like nil UUID and
return NULL (member not found). The reason is that
swim_member_by_uuid() can't fail. It can only return a member or
not. It never sets a diag error.

Closes #5951
---
 .../unreleased/swim-member_by_uuid-crash.md   |  4 ++++
 src/lib/swim/swim.c                           |  2 ++
 test/swim/swim.result                         |  9 ++++++++
 test/swim/swim.test.lua                       |  3 +++
 test/unit/swim.c                              | 23 ++++++++++++++++++-
 test/unit/swim.result                         |  9 +++++++-
 6 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/swim-member_by_uuid-crash.md

diff --git a/changelogs/unreleased/swim-member_by_uuid-crash.md b/changelogs/unreleased/swim-member_by_uuid-crash.md
new file mode 100644
index 000000000..d710aaa73
--- /dev/null
+++ b/changelogs/unreleased/swim-member_by_uuid-crash.md
@@ -0,0 +1,4 @@
+## bugfix/swim
+
+* Fix the crash on an attempt to call `swim:member_by_uuid()` with no arguments
+  or with `nil`/`box.NULL` (gh-5951).
diff --git a/src/lib/swim/swim.c b/src/lib/swim/swim.c
index 9b5458635..1ecc90414 100644
--- a/src/lib/swim/swim.c
+++ b/src/lib/swim/swim.c
@@ -2337,6 +2337,8 @@ struct swim_member *
 swim_member_by_uuid(struct swim *swim, const struct tt_uuid *uuid)
 {
 	assert(swim_is_configured(swim));
+	if (uuid == NULL)
+		return NULL;
 	return swim_find_member(swim, uuid);
 }
 
diff --git a/test/swim/swim.result b/test/swim/swim.result
index bfc83c143..bab8d20eb 100644
--- a/test/swim/swim.result
+++ b/test/swim/swim.result
@@ -487,6 +487,15 @@ s1:member_by_uuid(50)
 - error: 'builtin/swim.lua:<line>: swim:member_by_uuid: expected string UUID or struct
     tt_uuid'
 ...
+-- gh-5951: could crash with no arguments or NULL.
+s1:member_by_uuid()
+---
+- null
+...
+s1:member_by_uuid(box.NULL)
+---
+- null
+...
 s1:member_by_uuid(uuid(2))
 ---
 - null
diff --git a/test/swim/swim.test.lua b/test/swim/swim.test.lua
index 1593d8833..bec8b9cca 100644
--- a/test/swim/swim.test.lua
+++ b/test/swim/swim.test.lua
@@ -159,6 +159,9 @@ s.is_dropped()
 
 s1:member_by_uuid(uuid(1)) ~= nil
 s1:member_by_uuid(50)
+-- gh-5951: could crash with no arguments or NULL.
+s1:member_by_uuid()
+s1:member_by_uuid(box.NULL)
 s1:member_by_uuid(uuid(2))
 
 -- UUID can be cdata.
diff --git a/test/unit/swim.c b/test/unit/swim.c
index a506d04e9..a495f9648 100644
--- a/test/unit/swim.c
+++ b/test/unit/swim.c
@@ -1071,10 +1071,30 @@ swim_test_suspect_new_members(void)
 	swim_finish_test();
 }
 
+static void
+swim_test_member_by_uuid(void)
+{
+	swim_start_test(3);
+	struct swim_cluster *cluster = swim_cluster_new(1);
+
+	struct swim *s1 = swim_cluster_member(cluster, 0);
+	const struct swim_member *s1_self = swim_self(s1);
+	is(swim_member_by_uuid(s1, swim_member_uuid(s1_self)), s1_self,
+	   "found by UUID")
+
+	struct tt_uuid uuid = uuid_nil;
+	uuid.time_low = 1000;
+	is(swim_member_by_uuid(s1, &uuid), NULL, "not found by valid UUID");
+	is(swim_member_by_uuid(s1, NULL), NULL, "not found by NULL UUID");
+
+	swim_cluster_delete(cluster);
+	swim_finish_test();
+}
+
 static int
 main_f(va_list ap)
 {
-	swim_start_test(22);
+	swim_start_test(23);
 
 	(void) ap;
 	fakeev_init();
@@ -1102,6 +1122,7 @@ main_f(va_list ap)
 	swim_test_generation();
 	swim_test_dissemination_speed();
 	swim_test_suspect_new_members();
+	swim_test_member_by_uuid();
 
 	fakenet_free();
 	fakeev_free();
diff --git a/test/unit/swim.result b/test/unit/swim.result
index d4b1dba49..e1af4d616 100644
--- a/test/unit/swim.result
+++ b/test/unit/swim.result
@@ -1,5 +1,5 @@
 	*** main_f ***
-1..22
+1..23
 	*** swim_test_one_link ***
     1..6
     ok 1 - no rounds - no fullmesh
@@ -225,4 +225,11 @@ ok 21 - subtests
     ok 2 - S3 didn't add S1 from S2's messages, because S1 didn't answer on a ping
 ok 22 - subtests
 	*** swim_test_suspect_new_members: done ***
+	*** swim_test_member_by_uuid ***
+    1..3
+    ok 1 - found by UUID
+    ok 2 - not found by valid UUID
+    ok 3 - not found by NULL UUID
+ok 23 - subtests
+	*** swim_test_member_by_uuid: done ***
 	*** main_f: done ***
-- 
2.24.3 (Apple Git-128)