tarantool/http

httpd: SEGV_MAPERR when box httpd html escaping

filonenko-mikhail opened this issue · 1 comments

Environment

tarantool --v
Tarantool 1.9.0-61-gcd48321
Target: Darwin-x86_64-Release
Build options: cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/Cellar/tarantool/1.9.0.61 -DENABLE_BACKTRACE=ON
Compiler: /usr/local/Homebrew/Library/Homebrew/shims/super/clang /usr/local/Homebrew/Library/Homebrew/shims/super/clang++
C_FLAGS: -fexceptions -funwind-tables -fno-omit-frame-pointer -fno-stack-protector -fno-common -fopenmp -msse2 -std=c11 -Wall -Wextra -Wno-strict-aliasing -Wno-char-subscripts -Wno-format-truncation
CXX_FLAGS: -fexceptions -funwind-tables -fno-omit-frame-pointer -fno-stack-protector -fno-common -fopenmp -msse2 -std=c++11 -Wall -Wextra -Wno-strict-aliasing -Wno-char-subscripts -Wno-format-truncation

Test case

tarantoolctl rocks install html

test.lua

#!/usr/bin/env tarantool

require('strict').on()

local http = require('http.server')

local server = http.new("0.0.0.0",9090)

local test_el = [[
      <%= {{continue}} %>"
]]

local function test(req)

    local resp = req:render({continue="/"})
    resp.status = 200
    return resp
end


server:route({path='/', template=test_el}, test)
server:start()

Send request

curl http://127.0.0.1:9090/

Backtrace

Segmentation fault
  code: SEGV_MAPERR
  addr: 0x0
  context: 0x102c1f4c8
  siginfo: 0x102c1f460
Current time: 1523973121
Please file a bug at http://github.com/tarantool/tarantool/issues
Attempting backtrace... Note: since the server has already crashed,
this may fail as well
#0  0x10071e6be in print_backtrace+9
#1  0x10067cb03 in _ZL12sig_fatal_cbiP9__siginfoPv+158
#2  0x7fff7aeb7f5a in _sigtramp+1a
#3  0x102b14f82 in lbox_httpd_escape_html+d2
#4  0x100733005 in lj_BC_FUNCC+44
#5  0x100743003 in lua_pcall+96
#6  0x102b13a7d in lbox_httpd_template+4ad
#7  0x100733005 in lj_BC_FUNCC+44
#8  0x100743003 in lua_pcall+96
#9  0x10071164c in luaT_call+13
#10 0x10070dc8b in lua_fiber_run_f+66
#11 0x10067c6fc in _ZL16fiber_cxx_invokePFiP13__va_list_tagES0_+c
#12 0x10071c878 in fiber_loop+2a
#13 0x100831267 in coro_init+4b
abort trap: 6

Other test case

#!/usr/bin/env tarantool

require('strict').on()

local http = require('http.server')

local server = http.new("0.0.0.0",9090)

local test_el = [[

      % if error then
        <%= error %>
      % end
]]

local function test(req)

    local resp = req:render({})
    resp.status = 200
    return resp
end


server:route({path='/', template=test_el}, test)
server:start()

The root of the problem is in this line

http/http/lib.c

Line 117 in 518d62c

for (; *s; s++) {

If you check that s != NULL, the server will return

"
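The `s != NULL` check described in the report, as a stand-alone added example (not part of the original issue and not the project's code). `escape_html`, its signature and its set of escaped characters are hypothetical. It assumes `s` comes from a Lua-to-C string conversion such as `lua_tostring()`, which returns NULL for tables, functions and nil.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: HTML-escape s into out (capacity cap, including the
 * terminating NUL). Returns the number of bytes written excluding the NUL,
 * or -1 if out is too small. A NULL s is rendered as an empty string
 * instead of being dereferenced. */
static long
escape_html(const char *s, char *out, size_t cap)
{
	size_t n = 0;

	if (out == NULL || cap == 0)
		return -1;
	if (s == NULL)		/* the guard missing before `for (; *s; s++)` */
		s = "";

	for (; *s; s++) {
		const char *rep;
		size_t len;

		switch (*s) {
		case '&':  rep = "&amp;";  break;
		case '<':  rep = "&lt;";   break;
		case '>':  rep = "&gt;";   break;
		case '"':  rep = "&quot;"; break;
		case '\'': rep = "&#39;";  break;
		default:   rep = NULL;     break;
		}
		len = rep ? strlen(rep) : 1;
		if (len >= cap - n)	/* always keep one byte for the NUL */
			return -1;
		if (rep)
			memcpy(out + n, rep, len);
		else
			out[n] = *s;
		n += len;
	}
	out[n] = '\0';
	return (long)n;
}
```
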