mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-24 10:30:38 +00:00
cfebe17592
parse_assert() accepts an optional `message` parameter that defaults to nullptr. When the assertion fails and message is nullptr, it is implicitly converted to sstring via the sstring(const char*) constructor, which calls strlen(nullptr) -- undefined behavior that manifests as a segfault in __strlen_evex. This turns what should be a graceful malformed_sstable_exception into a fatal crash. In the case of CUSTOMER-279, a corrupt SSTable triggered parse_assert() during streaming (in continuous_data_consumer:: fast_forward_to()), causing a crash loop on the affected node. Fix by guarding the nullptr case with a ternary, passing an empty sstring() when message is null. on_parse_error() already handles the empty-message case by substituting "parse_assert() failed". Fixes: SCYLLADB-1329 Closes scylladb/scylladb#29285
52 lines
1.8 KiB
C++
52 lines
1.8 KiB
C++
/*
|
|
* Copyright (C) 2015-present ScyllaDB
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.1
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <concepts>
|
|
#include <seastar/core/format.hh>
|
|
|
|
#include "sstables/component_type.hh"
|
|
#include "seastarx.hh"
|
|
|
|
namespace sstables {
|
|
class malformed_sstable_exception : public std::exception {
|
|
sstring _msg;
|
|
public:
|
|
malformed_sstable_exception(sstring msg, component_name filename)
|
|
: malformed_sstable_exception{format("{} in sstable {}", msg, filename)}
|
|
{}
|
|
malformed_sstable_exception(sstring s) : _msg(s) {}
|
|
const char *what() const noexcept {
|
|
return _msg.c_str();
|
|
}
|
|
};
|
|
|
|
[[noreturn]] void on_parse_error(sstring message, std::optional<component_name> filename);
|
|
[[noreturn, gnu::noinline]] void on_bti_parse_error(uint64_t pos);
|
|
|
|
// Use this instead of SCYLLA_ASSERT() or assert() in code that is used while parsing SSTables.
|
|
// SSTables can be corrupted either by ScyllaDB itself or by a freak accident like cosmic background
|
|
// radiation hitting the disk the wrong way. Either way a corrupt SSTable should not bring down the
|
|
// whole server. This method will call on_internal_error() if the condition is false.
|
|
// The exception will include a complete backtrace, so no need to add call-site identifiers to the message.
|
|
inline void parse_assert(bool condition, std::optional<component_name> filename = {}, const char* message = nullptr) {
|
|
if (!condition) [[unlikely]] {
|
|
on_parse_error(message ? message : sstring(), filename);
|
|
}
|
|
}
|
|
|
|
struct bufsize_mismatch_exception : malformed_sstable_exception {
|
|
bufsize_mismatch_exception(size_t size, size_t expected) :
|
|
malformed_sstable_exception(format("Buffer improperly sized to hold requested data. Got: {:d}. Expected: {:d}", size, expected))
|
|
{}
|
|
};
|
|
|
|
}
|