Assertion Failure in nostrdb.c at Line 611

[geeknik]

While executing the 'fuzzer' program, an assertion failed in the file 'nostrdb.c' at line 611. This occurred during a transaction commit on the writer thread, causing the program to abort.

writer thread txn commit failedfuzzer: nostrdb.c:611: void *ndb_writer_thread(void *): Assertion `false' failed.
Aborted

Input File (test0000):

["EVENT"""{"content""created_at":0
"id""5086a8f76fe1da7fb56a25d1bebbafd70fca62e36a72c6263f900ff49b8f8604""kind":0 "pubkey":9c87f94bcbe2a837adc28d46c34eeaab8fc2e1cdf94fe19d4b99ae6a5e6acedc "sig""27374975879c94658412469cee6db73d538971d21a7b580726a407329a4cafc677fb56b946994cea59c3d9e118fef27e4e61de9d2c46ac0a65df14153ea93cf5""tags"[[][""]]}]

Encoded in Base64, the above input is:

WyJFVkVOVCIiInsiY29udGVudCIiY3JlYXRlZF9hdCI6MAoiaWQiIjUwODZhOGY3NmZlMWRhN2Zi
NTZhMjVkMWJlYmJhZmQ3MGZjYTYyZTM2YTcyYzYyNjNmOTAwZmY0OWI4Zjg2MDQiImtpbmQiOjAg
InB1YmtleSI6OWM4N2Y5NGJjYmUyYTgzN2FkYzI4ZDQ2YzM0ZWVhYWI4ZmMyZTFjZGY5NGZlMTlk
NGI5OWFlNmE1ZTZhY2VkYyAic2lnIiIyNzM3NDk3NTg3OWM5NDY1ODQxMjQ2OWNlZTZkYjczZDUz
ODk3MWQyMWE3YjU4MDcyNmE0MDczMjlhNGNhZmM2NzdmYjU2Yjk0Njk5NGNlYTU5YzNkOWUxMThm
ZWYyN2U0ZTYxZGU5ZDJjNDZhYzBhNjVkZjE0MTUzZWE5M2NmNSIidGFncyJbW11bIiJdXX1d

[jb55]

On Sun, Aug 13, 2023 at 12:17:51PM -0700, geeknik wrote:

While executing the 'fuzzer' program, an assertion failed in the file 'nostrdb.c' at line 611. This occurred during a transaction commit on the writer thread, causing the program to abort.

writer thread txn commit failedfuzzer: nostrdb.c:611: void *ndb_writer_thread(void *): Assertion `false' failed.
Aborted

Input File (test0000):

["EVENT"""{"content""created_at":0
"id""5086a8f76fe1da7fb56a25d1bebbafd70fca62e36a72c6263f900ff49b8f8604""kind":0 "pubkey":9c87f94bcbe2a837adc28d46c34eeaab8fc2e1cdf94fe19d4b99ae6a5e6acedc "sig""27374975879c94658412469cee6db73d538971d21a7b580726a407329a4cafc677fb56b946994cea59c3d9e118fef27e4e61de9d2c46ac0a65df14153ea93cf5""tags"[[][""]]}]

Encoded in Base64, the above input is:

WyJFVkVOVCIiInsiY29udGVudCIiY3JlYXRlZF9hdCI6MAoiaWQiIjUwODZhOGY3NmZlMWRhN2Zi
NTZhMjVkMWJlYmJhZmQ3MGZjYTYyZTM2YTcyYzYyNjNmOTAwZmY0OWI4Zjg2MDQiImtpbmQiOjAg
InB1YmtleSI6OWM4N2Y5NGJjYmUyYTgzN2FkYzI4ZDQ2YzM0ZWVhYWI4ZmMyZTFjZGY5NGZlMTlk
NGI5OWFlNmE1ZTZhY2VkYyAic2lnIiIyNzM3NDk3NTg3OWM5NDY1ODQxMjQ2OWNlZTZkYjczZDUz
ODk3MWQyMWE3YjU4MDcyNmE0MDczMjlhNGNhZmM2NzdmYjU2Yjk0Njk5NGNlYTU5YzNkOWUxMThm
ZWYyN2U0ZTYxZGU5ZDJjNDZhYzBhNjVkZjE0MTUzZWE5M2NmNSIidGFncyJbW11bIiJdXX1d

awesome! thanks. will add a test case for this

[jb55]

I can't seem to reproduce this. I added a test below but it passes without a crash.

From be06e3d1a622e436050a66df1b200f7441242c07 Mon Sep 17 00:00:00 2001 From: William Casarin @.***> Date: Mon, 21 Aug 2023 14:36:55 -0700 Subject: [PATCH] test: add test for fuzz crash

Signed-off-by: William Casarin @.***>

test.c | 9 +++++++++ 1 file changed, 9 insertions(+)

diff --git a/test.c b/test.c index 279e415a012d..7dffe3d9bbe5 100644 --- a/test.c +++ b/test.c @@ -47,6 +47,14 @@ static void test_load_profiles() free(buf); }

+static void test_fuzz_events() {

• struct ndb *ndb;
• const char *str = "[\"EVENT\"\"\"{\"content\"\"created_at\":0 \"id\"\"5086a8f76fe1da7fb56a25d1bebbafd70fca62e36a72c6263f900ff49b8f8604\"\"kind\":0 \"pubkey\":9c87f94bcbe2a837adc28d46c34eeaab8fc2e1cdf94fe19d4b99ae6a5e6acedc \"sig\"\"27374975879c94658412469cee6db73d538971d21a7b580726a407329a4cafc677fb56b946994cea59c3d9e118fef27e4e61de9d2c46ac0a65df14153 ea93cf5\"\"tags\"[[][\"\"]]}]";
• ndb_init(&ndb, 1024 * 1024, 1);
• ndb_process_event(ndb, str, strlen(str));

• ndb_destroy(ndb); +}

  static void test_basic_event() { unsigned char buf[512]; @@ -538,6 +546,7 @@ int main(int argc, const char *argv[]) { test_tce_eose(); test_tce_command_result_empty_msg(); test_content_len();

• test_fuzz_events();

  // protected queue tests test_queue_init_pop_push(); -- 2.39.2 (Apple Git-144)

[geeknik]

I guess we can ignore this for now, I can no longer reproduce it. #heisenbug