Lua: redis.call() kills Redis server #655

Closed
tonylazarew opened this Issue Aug 30, 2012 · 2 comments

Projects

None yet

2 participants

Redis instance dies with seg fault if I do the following:

EVAL "redis.call()" 0

Of course this isn't a proper thing to do but I think it should get back with an error message rather than killing a server :-)
Below is Redis bug report data:

[5619] 30 Aug 17:19:38.718 #     Redis 2.5.12 crashed by signal: 11
[5619] 30 Aug 17:19:38.718 #     Failed assertion: <no assertion failed> (<no file>:0)
[5619] 30 Aug 17:19:38.718 # --- STACK TRACE
src/redis-server(logStackTrace+0x3c)[0x43651c]
src/redis-server(dictSdsCaseHash+0x0)[0x4126c0]
/lib64/tls/libpthread.so.0[0x387f20c5b0]
src/redis-server(dictSdsCaseHash+0x0)[0x4126c0]
src/redis-server(dictFind+0x2e)[0x41182e]
src/redis-server(dictFetchValue+0x9)[0x411b79]
src/redis-server(luaRedisGenericCommand+0xe3)[0x4392a3]
src/redis-server[0x43fcc4]
src/redis-server[0x448a39]
src/redis-server[0x43ffed]
src/redis-server[0x43f57e]
src/redis-server[0x4402f0]
src/redis-server(lua_pcall+0x56)[0x43db96]
src/redis-server(evalGenericCommand+0x211)[0x43a4f1]
src/redis-server(call+0x4f)[0x413c5f]
src/redis-server(processCommand+0x2d2)[0x415822]
src/redis-server(processInputBuffer+0x4b)[0x41d89b]
src/redis-server(readQueryFromClient+0x1ad)[0x41daad]
src/redis-server(aeProcessEvents+0x199)[0x4105a9]
src/redis-server(aeMain+0x3f)[0x41082f]
src/redis-server(main+0x21b)[0x4163db]
/lib64/tls/libc.so.6(__libc_start_main+0xdb)[0x387eb1c3fb]
src/redis-server[0x40f89a]
[5619] 30 Aug 17:19:38.719 # --- INFO OUTPUT
[5619] 30 Aug 17:19:38.719 # # Server
redis_version:2.5.12
redis_git_sha1:00000000
redis_git_dirty:0
os:Linux 2.6.9-67.ELsmp x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:3.4.6
process_id:5619
run_id:c45fe09a1c7a099fe284342285741321d9e043df
tcp_port:8055
uptime_in_seconds:29
uptime_in_days:0
lru_clock:415549

# Clients
connected_clients:2
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0

# Memory
used_memory:615920
used_memory_human:601.48K
used_memory_rss:2187264
used_memory_peak:615064
used_memory_peak_human:600.65K
used_memory_lua:35840
mem_fragmentation_ratio:3.55
mem_allocator:jemalloc-3.0.0

# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1346332749
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok

# Stats
total_connections_received:2
total_commands_processed:3
instantaneous_ops_per_sec:0
rejected_connections:0
expired_keys:0
evicted_keys:0
keyspace_hits:0
keyspace_misses:1
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0

# Replication
role:master
connected_slaves:0

# CPU
used_cpu_sys:0.00
used_cpu_user:0.01
used_cpu_sys_children:0.00
used_cpu_user_children:0.00

# Commandstats
cmdstat_get:calls=1,usec=2,usec_per_call=2.00
cmdstat_select:calls=1,usec=5,usec_per_call=5.00
cmdstat_eval:calls=1,usec=125,usec_per_call=125.00

# Keyspace
db0:keys=336,expires=0
hash_init_value: 1346021379

[5619] 30 Aug 17:19:38.719 # --- CLIENT LIST OUTPUT
[5619] 30 Aug 17:19:38.719 # addr=10.125.58.78:33708 fd=5 age=27 idle=27 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=0 qbuf-free=0 obl=0 oll=0 omem=0 events=r cmd=select
addr=10.125.58.69:9319 fd=6 age=6 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=0 qbuf-free=32768 obl=0 oll=0 omem=0 events=r cmd=eval

[5619] 30 Aug 17:19:38.719 # --- CURRENT CLIENT INFO
[5619] 30 Aug 17:19:38.719 # client: addr=10.125.58.69:9319 fd=6 age=6 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=0 qbuf-free=32768 obl=0 oll=0 omem=0 events=r cmd=eval
[5619] 30 Aug 17:19:38.719 # argv[0]: 'eval'
[5619] 30 Aug 17:19:38.719 # argv[1]: 'redis.call()'
[5619] 30 Aug 17:19:38.719 # argv[2]: '0'
[5619] 30 Aug 17:19:38.719 # --- REGISTERS
[5619] 30 Aug 17:19:38.719 # 
RAX:0000000000598200 RBX:0000000000000000
RCX:0000002a95c23400 RDX:0000000000000018
RDI:3466373737333038 RSI:0000000000000068
RBP:0000002a95c12080 RSP:0000007fbffff0f8
R8 :000000000059b7c0 R9 :00000000000015f3
R10:00000000503f686a R11:000000387ed316b8
R12:3466373737333038 R13:0000000000000000
R14:0000002a95c0e060 R15:00000000005c2640
RIP:00000000004126c0 EFL:0000000000010246
CSGSFS:00000000000026f8
[5619] 30 Aug 17:19:38.719 # (0000007fbffff170) -> 00000000005c2640
[5619] 30 Aug 17:19:38.719 # (0000007fbffff168) -> 00000000005c28d0
[5619] 30 Aug 17:19:38.719 # (0000007fbffff160) -> 00000000005c2640
[5619] 30 Aug 17:19:38.719 # (0000007fbffff158) -> 00000000005c28d0
[5619] 30 Aug 17:19:38.719 # (0000007fbffff150) -> 00000001bffff240
[5619] 30 Aug 17:19:38.719 # (0000007fbffff148) -> 0000002a95ce4000
[5619] 30 Aug 17:19:38.719 # (0000007fbffff140) -> 00000000005ca690
[5619] 30 Aug 17:19:38.719 # (0000007fbffff138) -> 00000000004392a3
[5619] 30 Aug 17:19:38.719 # (0000007fbffff130) -> 00000000005c2640
[5619] 30 Aug 17:19:38.719 # (0000007fbffff128) -> 0000000000411b79
[5619] 30 Aug 17:19:38.719 # (0000007fbffff120) -> 0000002a95c0e060
[5619] 30 Aug 17:19:38.719 # (0000007fbffff118) -> 0000000000000000
[5619] 30 Aug 17:19:38.719 # (0000007fbffff110) -> 00000000005c28d0
[5619] 30 Aug 17:19:38.719 # (0000007fbffff108) -> 00000000005c2640
[5619] 30 Aug 17:19:38.719 # (0000007fbffff100) -> 0000000000000000
[5619] 30 Aug 17:19:38.719 # (0000007fbffff0f8) -> 000000000041182e
[5619] 30 Aug 17:19:38.719 # 
Owner
antirez commented Aug 30, 2012

Thanks for reporting, I'll fix that ASAP.

@antirez antirez added a commit that referenced this issue Aug 31, 2012
@antirez antirez Scripting: require at least one argument for redis.call().
Redis used to crash with a call like the following:

    EVAL "redis.call()" 0

Now the explicit check for at least one argument prevents the problem.

This commit fixes issue #655.
46c31a1
@antirez antirez added a commit that referenced this issue Aug 31, 2012
@antirez antirez Scripting: require at least one argument for redis.call().
Redis used to crash with a call like the following:

    EVAL "redis.call()" 0

Now the explicit check for at least one argument prevents the problem.

This commit fixes issue #655.
edfaa64
Owner
antirez commented Aug 31, 2012

Fixed, closing.

@antirez antirez closed this Aug 31, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment