search

yugabyte / yugabyte-db

YugabyteDB - the cloud native distributed SQL database for mission-critical applications.
https://www.yugabyte.com
Other
8.95k stars 1.07k forks source link

[yedis] Segmentation fault: yb::Slice::ToDebugString in yb::redisserver::ParseRangeByScoreOptions #568

Closed kmuthukk closed 5 years ago

kmuthukk commented 5 years ago

Seeing a seg-fault in a cluster with ZRangeByScore. Maybe we are not gracefully handling an invalid option?

(gdb) where
#0  yb::Slice::ToDebugString (this=this@entry=0x7f7c21902150, max_len=max_len@entry=0) at ../../src/yb/util/slice.cc:81
#1  0x00007f7c38899055 in yb::util::(anonymous namespace)::CreateInvalid (input=..., err=err@entry=0) at ../../src/yb/util/stol_utils.cc:24
#2  0x00007f7c388992bf in CheckedSton<long int, std::_Bind<long long int (*(std::_Placeholder<1>, std::_Placeholder<2>, int))(char const*, char**, int) throw ()> > (str_to_t=..., slice=...) at ../../src/yb/util/stol_utils.cc:53
#3  yb::util::CheckedStoll (slice=...) at ../../src/yb/util/stol_utils.cc:62
#4  0x00007f7c42d9af24 in yb::redisserver::(anonymous namespace)::ParseInt64 (slice=..., field=field@entry=0x7f7c42daf623 "limit") at ../../src/yb/yql/redis/redisserver/redis_parser.cc:78
#5  0x00007f7c42d9cd6d in yb::redisserver::ParseRangeByScoreOptions (op=op@entry=0x1fc9d0240, args=...) at ../../src/yb/yql/redis/redisserver/redis_parser.cc:702
#6  0x00007f7c42d9d3f6 in yb::redisserver::ParseZRangeByScore (op=0x1fc9d0240, args=...) at ../../src/yb/yql/redis/redisserver/redis_parser.cc:732
#7  0x00007f7c42d71de0 in yb::redisserver::(anonymous namespace)::Command<yb::client::YBRedisReadOp> (info=..., idx=0,
    parser=0x7f7c42d9d250 <yb::redisserver::ParseZRangeByScore(yb::client::YBRedisReadOp*, boost::container::small_vector<yb::Slice, 8ul, boost::container::new_allocator<yb::Slice> > const&)>, context=0x1be8c9b00, this=<optimized out>)
    at ../../src/yb/yql/redis/redisserver/redis_commands.cc:189
#8  0x00007f7c42d8cd6a in operator() (__args#2=0x1be8c9b00, __args#1=0, __args#0=..., this=0x40dc658) at /n/jenkins/linuxbrew/linuxbrew_2018-03-16T16_38_10/Cellar/gcc/5.5.0/include/c++/5.5.0/functional:2267
#9  yb::redisserver::RedisServiceImpl::Impl::Handle (this=<optimized out>, call_ptr=...) at ../../src/yb/yql/redis/redisserver/redis_service.cc:1228
#10 0x00007f7c42d8dc84 in yb::redisserver::RedisServiceImpl::Handle (this=<optimized out>, call=...) at ../../src/yb/yql/redis/redisserver/redis_service.cc:1249
#11 0x00007f7c3a8a933a in yb::rpc::ServicePoolImpl::Handle (this=0x1deb2460, incoming=...) at ../../src/yb/rpc/service_pool.cc:214
#12 0x00007f7c3a8a78ca in Run (this=<optimized out>) at ../../src/yb/rpc/service_pool.cc:252
#13 yb::rpc::TasksPool<yb::rpc::(anonymous namespace)::InboundCallTask>::WrappedTask::Run (this=<optimized out>) at ../../src/yb/rpc/tasks_pool.h:70
#14 0x00007f7c3a8af819 in yb::rpc::(anonymous namespace)::Worker::Execute (this=0x2506f810) at ../../src/yb/rpc/thread_pool.cc:98
#15 0x00007f7c388a7c46 in operator() (this=0x9d58438) at /n/jenkins/linuxbrew/linuxbrew_2018-03-16T16_38_10/Cellar/gcc/5.5.0/include/c++/5.5.0/functional:2267
#16 yb::Thread::SuperviseThread (arg=<optimized out>) at ../../src/yb/util/thread.cc:606
#17 0x00007f7c345a4694 in start_thread (arg=0x7f7c21903700) at pthread_create.c:333
#18 0x00007f7c33ce23cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
rahuldesirazu commented 5 years ago

SegFault occurs when user doesn't specify enough arguments in ZRANGEBYSCORE [LIMIT offset count] clause. Will fix by checking for arg length before parsing these fields.

rahuldesirazu commented 5 years ago

Fixed in 298193a02512f84b8cfdadb2db1e9b758f04a866, closing.