From ecb3f254ad5c0e039f949b084a2b136f62e3efb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Botond=20D=C3=A9nes?= Date: Tue, 31 Mar 2026 11:03:58 +0300 Subject: [PATCH] sstables: fix segfault in parse_assert() when message is nullptr parse_assert() accepts an optional `message` parameter that defaults to nullptr. When the assertion fails and message is nullptr, it is implicitly converted to sstring via the sstring(const char*) constructor, which calls strlen(nullptr) -- undefined behavior that manifests as a segfault in __strlen_evex. This turns what should be a graceful malformed_sstable_exception into a fatal crash. In the case of CUSTOMER-279, a corrupt SSTable triggered parse_assert() during streaming (in continuous_data_consumer:: fast_forward_to()), causing a crash loop on the affected node. Fix by guarding the nullptr case with a ternary, passing an empty sstring() when message is null. on_parse_error() already handles the empty-message case by substituting "parse_assert() failed". Fixes: SCYLLADB-1672 Closes scylladb/scylladb#29285 (cherry picked from commit cfebe17592ba725ab5a57167564b1c39753c7e15) Closes scylladb/scylladb#29597
---
 sstables/exceptions.hh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sstables/exceptions.hh b/sstables/exceptions.hh
index d0a2fe5eea..7f404edf6a 100644
--- a/sstables/exceptions.hh
+++ b/sstables/exceptions.hh
@@ -38,7 +38,7 @@ public:
 // The exception will include a complete backtrace, so no need to add call-site identifiers to the message.
 inline void parse_assert(bool condition, std::optional filename = {}, const char* message = nullptr) {
 if (!condition) [[unlikely]] {
- on_parse_error(message, filename);
+ on_parse_error(message ? message : sstring(), filename);
 }
 }
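Review bot: The null guard is applied only at this one call in parse_assert(), so any other caller that forwards a nullable `const char*` into on_parse_error() would still reach the sstring(const char*) conversion; on_parse_error() is declared outside the hunk, so that cannot be confirmed from here. Since the trigger is corrupt on-disk data, it is worth making the contract explicit in the comment above the function, e.g. `// message may be nullptr; on_parse_error() then reports "parse_assert() failed".` The diffstat shows only the header changing, so a regression test that calls `parse_assert(false)` with the default message and expects malformed_sstable_exception would keep this path from regressing.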