Skip to content

fix server crash for STRALGO command#7304

Merged
antirez merged 2 commits intoredis:unstablefrom
hwware:lcs_fix
May 21, 2020
Merged

fix server crash for STRALGO command#7304
antirez merged 2 commits intoredis:unstablefrom
hwware:lcs_fix

Conversation

@hwware
Copy link
Contributor

@hwware hwware commented May 21, 2020

This PR fix: https://github.com/antirez/redis/issues/7301

Cause of this issue: STRAGO LCS command should do sanity check on STRINGS or KEYS parameters length, @antirez please take look, thanks

@hwware
Copy link
Contributor Author

hwware commented May 21, 2020

core dumps:
=== REDIS BUG REPORT START: Cut & paste starting from here ===
27630:M 21 May 2020 17:37:32.531 # Redis 999.999.999 crashed by signal: 11
27630:M 21 May 2020 17:37:32.531 # Crashed running the instruction at: 0x3295e
27630:M 21 May 2020 17:37:32.531 # Accessing address: 0x78858d24
27630:M 21 May 2020 17:37:32.531 # Failed assertion: (:0)

------ STACK TRACE ------
EIP:
0 redis-server 0x0003295e dictSdsHash + 14

Backtrace:
0 redis-server 0x00088b75 logStackTrace + 117
1 redis-server 0x00088f5e sigsegvHandler + 238
2 libsystem_platform.dylib 0xa17b8e5b _sigtramp + 43
3 ??? 0xffffffff 0x0 + 4294967295
4 redis-server 0x00030c9f dictFind + 63
5 redis-server 0x000527f6 lookupKey + 38
6 redis-server 0x000528c2 lookupKeyReadWithFlags + 98
7 redis-server 0x00052af6 lookupKeyRead + 22
8 redis-server 0x000689f6 stralgoLCS + 454
9 redis-server 0x00037685 call + 325
10 redis-server 0x000381ef processCommand + 1839
11 redis-server 0x0004b252 processInputBuffer + 370
12 redis-server 0x000456dd readQueryFromClient + 973
13 redis-server 0x000e3864 connSocketEventHandler + 308
14 redis-server 0x0002e7b1 aeProcessEvents + 689
15 redis-server 0x0002eafb aeMain + 27
16 redis-server 0x0003c1f8 main + 1992
17 libdyld.dylib 0xa15af395 start + 1

------ INFO OUTPUT ------

Server

redis_version:999.999.999
redis_git_sha1:fe640e58
redis_git_dirty:0
redis_build_id:a9aab30310212c7f
redis_mode:standalone
os:Darwin 16.7.0 x86_64
arch_bits:32
multiplexing_api:kqueue
atomicvar_api:atomic-builtin
gcc_version:4.2.1
process_id:27630
run_id:c3dd82daca865ac9002d3d164f243067435b1f89
tcp_port:6379
uptime_in_seconds:12
uptime_in_days:0
hz:10
configured_hz:10
lru_clock:13038748
executable:/Users/danieldai/Documents/hwware/redis/src/./redis-server
config_file:

Clients

connected_clients:1
client_recent_max_input_buffer:0
client_recent_max_output_buffer:0
blocked_clients:0
tracking_clients:0
clients_in_timeout_table:0

Memory

used_memory:788880
used_memory_human:770.39K
used_memory_rss:1859584
used_memory_rss_human:1.77M
used_memory_peak:788880
used_memory_peak_human:770.39K
used_memory_peak_perc:107.07%
used_memory_overhead:691756
used_memory_startup:691568
used_memory_dataset:97124
used_memory_dataset_perc:99.81%
allocator_allocated:736768
allocator_active:1833984
allocator_resident:1833984
total_system_memory:0
total_system_memory_human:0B
used_memory_lua:25600
used_memory_lua_human:25.00K
used_memory_scripts:0
used_memory_scripts_human:0B
number_of_cached_scripts:0
maxmemory:3221225472
maxmemory_human:3.00G
maxmemory_policy:noeviction
allocator_frag_ratio:2.49
allocator_frag_bytes:1097216
allocator_rss_ratio:1.00
allocator_rss_bytes:0
rss_overhead_ratio:1.01
rss_overhead_bytes:25600
mem_fragmentation_ratio:2.52
mem_fragmentation_bytes:1122816
mem_not_counted_for_evict:0
mem_replication_backlog:0
mem_clients_slaves:0
mem_clients_normal:0
mem_aof_buffer:0
mem_allocator:libc
active_defrag_running:0
lazyfree_pending_objects:0

Persistence

loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1590097040
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
rdb_last_cow_size:0
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
aof_last_cow_size:0
module_fork_in_progress:0
module_fork_last_cow_size:0

Stats

total_connections_received:1
total_commands_processed:0
instantaneous_ops_per_sec:0
total_net_input_bytes:36
total_net_output_bytes:0
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
expired_stale_perc:0.00
expired_time_cap_reached_count:0
expire_cycle_cpu_milliseconds:0
evicted_keys:0
keyspace_hits:0
keyspace_misses:0
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0
migrate_cached_sockets:0
slave_expires_tracked_keys:0
active_defrag_hits:0
active_defrag_misses:0
active_defrag_key_hits:0
active_defrag_key_misses:0
tracking_total_keys:0
tracking_total_items:0
tracking_total_prefixes:0
unexpected_error_replies:0

Replication

role:master
connected_slaves:0
master_replid:592d1b1f7c462739284c5b19a3f8ea72fd2ddfaf
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:0
master_repl_meaningful_offset:0
second_repl_offset:-1
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

CPU

used_cpu_sys:0.017377
used_cpu_user:0.009186
used_cpu_sys_children:0.000000
used_cpu_user_children:0.000000

Modules

Commandstats

Cluster

cluster_enabled:0

Keyspace

db0:keys=5,expires=0,avg_ttl=0

------ CLIENT LIST OUTPUT ------
id=4 addr=127.0.0.1:61334 fd=8 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=36 qbuf-free=32732 obl=0 oll=0 omem=0 events=r cmd=stralgo user=default

------ CURRENT CLIENT INFO ------
id=4 addr=127.0.0.1:61334 fd=8 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=36 qbuf-free=32732 obl=0 oll=0 omem=0 events=r cmd=stralgo user=default
argv[0]: 'STRALGO'
argv[1]: 'LCS'
argv[2]: 'KEYS'

------ REGISTERS ------
27630:M 21 May 2020 17:37:32.535 #
EAX:78858d25 EBX:7a169200 ECX:00000005 EDX:0003295a
EDI:000527de ESI:78858d25 EBP:bffd66d8 ESP:bffd66d0
SS:00000023 EFL:00010296 EIP:0003295e CS :0000001b
DS:00000023 ES:00000023 FS :00000000 GS :0000000f
27630:M 21 May 2020 17:37:32.535 # (bffd66df) -> 000527f6
27630:M 21 May 2020 17:37:32.535 # (bffd66de) -> bffd6728
27630:M 21 May 2020 17:37:32.535 # (bffd66dd) -> 7abc3a00
27630:M 21 May 2020 17:37:32.535 # (bffd66dc) -> 000527de
27630:M 21 May 2020 17:37:32.535 # (bffd66db) -> 00030000
27630:M 21 May 2020 17:37:32.535 # (bffd66da) -> bffd6728
27630:M 21 May 2020 17:37:32.535 # (bffd66d9) -> 0005294e
27630:M 21 May 2020 17:37:32.535 # (bffd66d8) -> 0005286e
27630:M 21 May 2020 17:37:32.535 # (bffd66d7) -> 00030000
27630:M 21 May 2020 17:37:32.535 # (bffd66d6) -> 797691b0
27630:M 21 May 2020 17:37:32.535 # (bffd66d5) -> 00000001
27630:M 21 May 2020 17:37:32.535 # (bffd66d4) -> 78858d25
27630:M 21 May 2020 17:37:32.535 # (bffd66d3) -> 00030c9f
27630:M 21 May 2020 17:37:32.535 # (bffd66d2) -> bffd6708
27630:M 21 May 2020 17:37:32.535 # (bffd66d1) -> 7a169200
27630:M 21 May 2020 17:37:32.535 # (bffd66d0) -> 78858d25

------ MODULES INFO OUTPUT ------

------ DUMPING CODE AROUND EIP ------
Symbol: dictSdsHash (base: 0x32950)
Module: /Users/danieldai/Documents/hwware/redis/src/./redis-server (base 0x2a000)
$ xxd -r -p /tmp/dump.hex /tmp/dump.bin
$ objdump --adjust-vma=0x32950 -D -b binary -m i386:x86-64 /tmp/dump.bin

27630:M 21 May 2020 17:37:32.536 # dump of function (hexdump of 142 bytes):
5589e55356e8000000005a8b45080fb648ff89cb80e30780fb04771389ce83e6070394b24e000000ffe2c1e903eb1831c9eb140fb648fdeb0e0fb748fbeb088b48f7eb038b48ef83ec085150e83fd7ffff83c4105e5b5dc320000000290000002f000000350000003a0000000f1f40005589e55356e8000000005a8b45080fb648ff89cb80e30780fb04771389ce
Function at 0x3295a is dictSdsHash
Function at 0x300e0 is dictGenHashFunction
Function at 0x329ca is dictSdsCaseHash

=== REDIS BUG REPORT END. Make sure to include from START to END. ===

   Please report the crash by opening an issue on github:

       http://github.com/antirez/redis/issues

Suspect RAM error? Use redis-server --test-memory to verify it.

Segmentation fault: 11

@antirez
Copy link
Contributor

antirez commented May 21, 2020

@hwware thanks! Please can you resubmit using the already defined moreargs variable? Thanks.

@hwware
Copy link
Contributor Author

hwware commented May 21, 2020

@antirez done, sorry I missed this :)

@antirez antirez merged commit 90fda5c into redis:unstable May 21, 2020
@antirez
Copy link
Contributor

antirez commented May 21, 2020

Thanks! Merged.

JackieXie168 pushed a commit to JackieXie168/redis that referenced this pull request Jun 18, 2020
fix server crash for STRALGO command
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

STRALGO LCS: Terminates redis CLI connection abruptly

2 participants