CQL typo may cause segmentation fault #3740

Closed
psarna opened this issue Sep 3, 2018 · 0 comments
psarna commented Sep 3, 2018

Installation details
Scylla version (or git commit hash): master, 6593226

I'm not sure yet whether it's a misuse of ANTLR that we can work around or a bug, but here's how to reproduce (note the lack of whitespace between 3 and allow filtering):

select * from t where p2 >= 2 and p2 < 3allow filtering;
NoHostAvailable:

Decoded backtrace:

void seastar::backtrace<seastar::backtrace_buffer::append_backtrace()::{lambda(seastar::frame)#1}>(seastar::backtrace_buffer::append_backtrace()::{lambda(seastar::frame)#1}&&) at /home/sarna/repo/scylla/seastar/util/backtrace.hh:56
seastar::backtrace_buffer::append_backtrace() at /home/sarna/repo/scylla/seastar/core/reactor.cc:410
 (inlined by) print_with_backtrace at /home/sarna/repo/scylla/seastar/core/reactor.cc:431
seastar::print_with_backtrace(char const*) at /home/sarna/repo/scylla/seastar/core/reactor.cc:438
sigsegv_action at /home/sarna/repo/scylla/seastar/core/reactor.cc:4019
 (inlined by) operator() at /home/sarna/repo/scylla/seastar/core/reactor.cc:4005
 (inlined by) _FUN at /home/sarna/repo/scylla/seastar/core/reactor.cc:4001
?? ??:0
antlr3::DefaultAllocPolicy::alloc0(unsigned long) at /usr/include/antlr3memory.hpp:146
 (inlined by) antlr3::BitsetList<antlr3::TraitsBase<antlr3::CustomTraitsBase> >::bitsetLoad() at /usr/include/antlr3bitset.inl:108
antlr3::ANTLR_Exception<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>, (antlr3::ExceptionType)3, antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >::displayRecognitionError(unsigned char**, std::__cxx11::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >&) const at /usr/include/antlr3exception.inl:315
cql3::error_collector<cql3_parser::CqlLexer, unsigned char, antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>::ExceptionBaseType<antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > > >::get_error_message[abi:cxx11](cql3_parser::CqlLexer&, antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>::ExceptionBaseType<antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >*, unsigned char**) at /home/sarna/repo/scylla/./cql3/error_collector.hh:147
cql3::error_collector<cql3_parser::CqlLexer, unsigned char, antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>::ExceptionBaseType<antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > > >::syntax_error(cql3_parser::CqlLexer&, unsigned char**, antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>::ExceptionBaseType<antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >*) at /home/sarna/repo/scylla/./cql3/error_collector.hh:85
cql3_parser::CqlLexer::displayRecognitionError(unsigned char**, antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>::ExceptionBaseType<antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >*) at /home/sarna/repo/scylla/build/release/gen/cql3/CqlLexer.hpp:344
 (inlined by) antlr3::BaseRecognizer<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>, antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >::displayRecognitionError(unsigned char**) at /usr/include/antlr3baserecognizer.inl:262
 (inlined by) antlr3::BaseRecognizer<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>, antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >::reportError(antlr3::ClassForwarder<cql3_parser::CqlLexer>) at /usr/include/antlr3baserecognizer.inl:217
 (inlined by) antlr3::BaseRecognizer<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty>, antlr3::InputStream<antlr3::TraitsBase<antlr3::CustomTraitsBase> > >::reportError() at /usr/include/antlr3baserecognizer.inl:207
 (inlined by) antlr3::TokenSource<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::nextTokenStr() at /usr/include/antlr3tokenstream.inl:111
antlr3::TokenSource<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::nextToken(antlr3::BoolForwarder<false>) at /usr/include/antlr3tokenstream.inl:221
 (inlined by) antlr3::TokenSource<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::nextToken() at /usr/include/antlr3tokenstream.inl:141
 (inlined by) antlr3::CommonTokenStream<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::fillBuffer() at /usr/include/antlr3tokenstream.inl:829
antlr3::TokenStream<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::_LT(int) at /usr/include/antlr3tokenstream.inl:410
antlr3::TokenIntStream<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::_LA(int) at /usr/include/antlr3intstream.inl:1485
 (inlined by) antlr3::Parser<antlr3::Traits<cql3_parser::CqlLexer, cql3_parser::CqlParser, antlr3::CustomTraitsBase, antlr3::Empty> >::LA(int) at /usr/include/antlr3parser.inl:371
 (inlined by) cql3_parser::CqlParser::cqlStatement() at /home/sarna/repo/scylla/build/release/gen/cql3/CqlParser.cpp:2954
cql3_parser::CqlParser::query() at /home/sarna/repo/scylla/build/release/gen/cql3/CqlParser.cpp:2816
seastar::shared_ptr<cql3::statements::raw::parsed_statement> std::__invoke_impl<seastar::shared_ptr<cql3::statements::raw::parsed_statement>, seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::* const&)(), cql3_parser::CqlParser&>(std::__invoke_memfun_ref, seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::* const&)(), cql3_parser::CqlParser&) at /usr/include/c++/8/bits/invoke.h:66
 (inlined by) std::__invoke_result<seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::* const&)(), cql3_parser::CqlParser&>::type std::__invoke<seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::* const&)(), cql3_parser::CqlParser&>(seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::* const&)(), cql3_parser::CqlParser&) at /usr/include/c++/8/bits/invoke.h:96
 (inlined by) decltype (__invoke((*this)._M_pmf, (forward<cql3_parser::CqlParser&>)({parm#1}))) std::_Mem_fn_base<seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::*)(), true>::operator()<cql3_parser::CqlParser&>(cql3_parser::CqlParser&) const at /usr/include/c++/8/functional:114
 (inlined by) seastar::shared_ptr<cql3::statements::raw::parsed_statement> cql3::util::do_with_parser<std::_Mem_fn<seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::*)()>, seastar::shared_ptr<cql3::statements::raw::parsed_statement> >(std::experimental::fundamentals_v1::basic_string_view<char, std::char_traits<char> > const&, std::_Mem_fn<seastar::shared_ptr<cql3::statements::raw::parsed_statement> (cql3_parser::CqlParser::*)()>&&) at /home/sarna/repo/scylla/./cql3/util.hh:53

slivne added this to the 3.0 milestone Sep 16, 2018
avikivity pushed a commit that referenced this issue Oct 4, 2018
The Antlr3 exception class has a null dereference bug that crashes
the system when trying to extract the exception message using
ANTLR_Exception<...>::displayRecognitionError(...) function. When
a parsing error occurs the CqlParser throws an exception which in
turn is processed for some special cases in scylla to generate a custom
message. The default case however, creates the message using
displayRecognitionError, causing the system to crash.
The fix is a simple workaround, making sure the pointer is not null
before the call to the function. A "proper" fix can't be implemented
because the exception class itself is implemented outside scylla
in antlr headers that reside on the host machine OS.

Tested manually 2 test cases, a typo causing scylla to crash and
a cql comment without a newline at the end also caused scylla to crash.
Ran unit tests (release).

Fixes #3740
Fixes #3764

Signed-off-by: Eliran Sinvani <eliransin@scylladb.com>
Message-Id: <cfc7e0d758d7a855d113bb7c8191b0fd7d2e8921.1538566542.git.eliransin@scylladb.com>
(cherry picked from commit 20f4956)
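
The workaround described in the commit message above, sketched as an added example (not the Scylla patch and not ANTLR code): a caller guards a third-party message formatter that dereferences a pointer without checking it. The type `vendor_exception`, its `expecting` member and the fallback wording are hypothetical; this page does not show which pointer the real fix checks.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for a recognition exception defined in third-party
// headers that the application cannot patch.
struct vendor_exception {
    std::string token_text;                     // offending input text
    const std::vector<std::string>* expecting;  // assumption: may be null

    // Unsafe as shipped: dereferences `expecting` unconditionally.
    void display_recognition_error(std::ostream& out) const {
        out << "unexpected '" << token_text << "', expecting one of:";
        for (const auto& name : *expecting) {
            out << ' ' << name;
        }
    }
};

// Caller-side workaround: enforce the precondition the vendor code omits and
// return a generic message instead of letting a malformed query crash the
// process.
std::string get_error_message(const vendor_exception* ex) {
    if (ex == nullptr) {
        return "syntax error";
    }
    std::ostringstream msg;
    if (ex->expecting == nullptr) {
        msg << "syntax error near '" << ex->token_text << "'";
        return msg.str();
    }
    ex->display_recognition_error(msg);
    return msg.str();
}

int main() {
    // Constructed inputs: one error with no expected-token set, one with it.
    std::vector<std::string> names{"K_ALLOW", "K_LIMIT"};
    vendor_exception no_set{"3allow", nullptr};
    vendor_exception with_set{"x", &names};
    std::cout << get_error_message(&no_set) << '\n'
              << get_error_message(&with_set) << '\n';
    return 0;
}
```

Because the parser input here is client-supplied query text, the guard belongs in the one function that every error path goes through, so no malformed statement can reach the unchecked formatter.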
avikivity pushed a commit that referenced this issue Oct 4, 2018
avikivity pushed a commit that referenced this issue Oct 4, 2018
avikivity pushed a commit that referenced this issue Oct 7, 2018
avikivity pushed a commit that referenced this issue Oct 7, 2018
avikivity pushed a commit that referenced this issue Oct 8, 2018