Skip to content

fix: RLookupRow use-after-free due to inconsistent refcount handling#6838

Merged
LukeMathWalker merged 1 commit intomasterfrom
jonas/fix-rlookuprow
Sep 22, 2025
Merged

fix: RLookupRow use-after-free due to inconsistent refcount handling#6838
LukeMathWalker merged 1 commit intomasterfrom
jonas/fix-rlookuprow

Conversation

@JonasKruckenberg
Copy link
Collaborator

@JonasKruckenberg JonasKruckenberg commented Sep 16, 2025

This fixes use-after free due to inconsistent handling of refcounts in RLookupRow and value. The test mock implementation did not implement Drop and used a weird Rc-based workaround for refcount increases while the "production" RSValueFFI implemented Drop and Clone using atomic refcounting. This lead to a mismatch between test-behavior and "production" behavior where tests passing would mean the runtime behavior was incorrect.

This change simplifies MockRSValue to also use atomic reference counting, removes the manual and unsafe increment and decrement methods of RSValueTrait and fixes the uses in RLookupRow to be correct.

cursor[bot]

This comment was marked as outdated.

Sign in to view

@JonasKruckenberg JonasKruckenberg force-pushed the jonas/fix-rlookuprow branch 2 times, most recently from 9391fce to b56fd90 Compare September 16, 2025 12:31
@codecov
Copy link

codecov bot commented Sep 16, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 27.27273% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.35%. Comparing base (705e538) to head (ccb21e5).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
src/redisearch_rs/value/src/lib.rs 0.00% 7 Missing ⚠️
.../redisearch_rs/c_entrypoint/rlookup_ffi/src/row.rs 0.00% 5 Missing ⚠️
...arch_rs/c_entrypoint/sorting_vector_ffi/src/lib.rs 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6838      +/-   ##
==========================================
- Coverage   86.36%   86.35%   -0.02%     
==========================================
  Files         288      288              
  Lines       46520    46515       -5     
  Branches     9404     9399       -5     
==========================================
- Hits        40176    40166      -10     
- Misses       6193     6198       +5     
  Partials      151      151
Flag Coverage Δ
flow 84.67% <ø> (-0.14%) ⬇️
unit 49.71% <27.27%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

cursor[bot]

This comment was marked as outdated.

Sign in to view

@JonasKruckenberg JonasKruckenberg force-pushed the jonas/fix-rlookuprow branch 2 times, most recently from 5b8af48 to 0df368a Compare September 16, 2025 16:32
@JonasKruckenberg JonasKruckenberg force-pushed the jonas/fix-rlookuprow branch 4 times, most recently from dec451b to f6a3826 Compare September 19, 2025 09:46
@LukeMathWalker LukeMathWalker added this pull request to the merge queue Sep 22, 2025
Merged via the queue into master with commit cb55361 Sep 22, 2025
23 of 26 checks passed
@LukeMathWalker LukeMathWalker deleted the jonas/fix-rlookuprow branch September 22, 2025 13:51
nafraf pushed a commit that referenced this pull request Sep 22, 2025
@JonasKruckenberg @nafraf
fix: RLookupRow use-after-free due to inconsistent refcount handling (#…
280369b 
…6838)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@LukeMathWalker LukeMathWalker LukeMathWalker approved these changes

@DarthB DarthB Awaiting requested review from DarthB

Assignees

No one assigned

Labels

size:M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JonasKruckenberg @LukeMathWalker