Bug: server shut down if use invalid file on /ml/import

Question

Bug: server shut down if use invalid file on /ml/import

kotolex opened this issue 8 months ago · 7 comments

SurrealDB ver 1.1.1, Macos Sonoma

Steps to reproduce

starts SurrealDB with --auth
use Postman or any http-client you like and send POST http://127.0.0.1:8000/ml/import with all needed fields(headers ns|db and basic auth) and send wrong file, for example file you export out of database. I just have no valid ml file which is expected here, so I use any file =)

Expected behaviour

I expect an error (400), as on other http endpoints here

Actual behaviour:

Server is immediatly shuts down on request to /ml/import with:
2024-01-27T14:38:33.286782Z INFO surreal::env: Running 1.1.1 for macos on aarch64 2024-01-27T14:38:33.287232Z INFO surreal::dbs: ✅🔒 Authentication is enabled 🔒✅ 2024-01-27T14:38:33.287677Z INFO surrealdb::kvs::ds: Starting kvs store at file://my_test_database.db 2024-01-27T14:38:33.372192Z INFO surrealdb::kvs::ds: Started kvs store at file://my_test_database.db 2024-01-27T14:38:33.375527Z INFO surrealdb::node: Started node agent 2024-01-27T14:38:33.377418Z INFO surrealdb::net: Started web server on 0.0.0.0:8000 thread 'surrealdb-worker' panicked at /Users/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/surrealml-core-0.0.3/src/storage/surml_file.rs:71:46: range end index 757932081 out of range for slice of length 3717 note: run withRUST_BACKTRACE=1environment variable to display a backtrace [1] 8348 abort surreal start --auth file:my_test_database.db

Here is with RUST_BACKTRACE=FULL
2024-01-27T14:47:03.865968Z INFO surrealdb::net: Started web server on 0.0.0.0:8000 thread 'surrealdb-worker' panicked at /Users/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/surrealml-core-0.0.3/src/storage/surml_file.rs:71:46: range end index 757932081 out of range for slice of length 3717 stack backtrace: 0: 0x1057e1114 - __mh_execute_header 1: 0x105459b74 - __mh_execute_header 2: 0x1057b97cc - __mh_execute_header 3: 0x1057e48b4 - __mh_execute_header 4: 0x1057e44fc - __mh_execute_header 5: 0x1057e5384 - __mh_execute_header 6: 0x1057e4f3c - __mh_execute_header 7: 0x1057e4ea8 - __mh_execute_header 8: 0x1057e4e9c - __mh_execute_header 9: 0x1064f5148 - __ZN7rocksdb6ribbon6detail34BandingConfigHelper1MaybeSupportedILNS0_25ConstructionFailureChanceE1ELy128ELb0ELb0ELb1EE11GetNumSlotsEj 10: 0x1064f5238 - __ZN7rocksdb6ribbon6detail34BandingConfigHelper1MaybeSupportedILNS0_25ConstructionFailureChanceE1ELy128ELb0ELb0ELb1EE11GetNumSlotsEj 11: 0x105dcc49c - __mh_execute_header 12: 0x1051987c8 - __mh_execute_header 13: 0x104f344b4 - __mh_execute_header 14: 0x1051df22c - __mh_execute_header 15: 0x104f37790 - __mh_execute_header 16: 0x1051df22c - __mh_execute_header 17: 0x104f3412c - __mh_execute_header 18: 0x1051deeac - __mh_execute_header 19: 0x104f35c68 - __mh_execute_header 20: 0x104fc3cbc - __mh_execute_header 21: 0x104f328d4 - __mh_execute_header 22: 0x1051deeac - __mh_execute_header 23: 0x104f57940 - __mh_execute_header 24: 0x104f608f0 - __mh_execute_header 25: 0x105101c00 - __mh_execute_header 26: 0x105edeb50 - __mh_execute_header 27: 0x105ee2320 - __mh_execute_header 28: 0x105ecf9b0 - __mh_execute_header 29: 0x105ecf6e8 - __mh_execute_header 30: 0x1057e7af8 - __mh_execute_header 31: 0x186b5e034 - __pthread_joiner_wake [1] 8442 abort surreal start --auth file:my_test_database.db

Answer 1 · 2024-01-30T15:06:41.000Z

@kotolex thanks for the report looking into it now, I'm going to add tests around bad files and handle them. This update might also affect require a main update in the surrealDB but this is mainly a surml issue so will keep you posted on here

Answer 2 · 2024-03-27T14:56:31.000Z

@kotolex sorry for the late reply got into some other things that had to be resolved. I have now updated the core with error handling and updated the testing of the surrealDB and it is now returning an error for an incorrect file format:
https://github.com/surrealdb/surrealdb/pull/3773/files

Answer 3 · 2024-03-27T16:49:50.000Z

hey! @maxwellflitton is that fix already at 1.4.beta?

Answer 4 · 2024-04-16T13:53:31.000Z

@kotolex hey sorry for the late reply, it is now in 1.4 stable:

https://github.com/surrealdb/surrealdb/blob/f06d8488e5130cd1eaa3c541f3b56ceac9b850bb/src/net/ml.rs#L59

Answer 5 · 2024-04-16T14:55:20.000Z

@maxwellflitton but it is still kills the server)
2024-04-16T14:51:53.822275Z INFO surreal::env: Running 1.4.0 for macos on aarch64 2024-04-16T14:51:53.822505Z INFO surreal::dbs: ✅🔒 Authentication is enabled 🔒✅ 2024-04-16T14:51:53.822777Z INFO surrealdb_core::kvs::ds: Starting kvs store in memory 2024-04-16T14:51:53.822826Z INFO surrealdb_core::kvs::ds: Started kvs store in memory 2024-04-16T14:51:53.824561Z INFO surrealdb_core::kvs::ds: Credentials were provided, and no root users were found. The root user 'root' will be created 2024-04-16T14:51:53.862192Z INFO surrealdb::net: Started web server on 0.0.0.0:8000 thread 'surrealdb-worker' panicked at /Users/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/surrealml-core-0.0.8/src/storage/surml_file.rs:71:46: range end index 757932081 out of range for slice of length 7772 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace [1] 52405 abort surreal start --auth --user root --pass root memory

Answer 6 · 2024-04-16T15:02:57.000Z

@kotolex this is strange as it is now part of the CI tests that a bad file gets uploaded and gets handled:
https://github.com/surrealdb/surrealdb/blob/64da2d8ee348443367daf3a57abd378af9f740de/tests/ml_integration.rs#L87
I've re-opened this and will look into it more

Answer 7 · 2024-04-16T15:19:11.000Z

maybe file in tests not as bad as mine? )))