fix: json.set recursive processing crash #5040
Open
+78
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Please add explanation to the PR description. In general, for any non-trivial PRs, please state at least:
|
romange
reviewed
May 2, 2025
src/server/json_family_test.cc
Outdated
| @@ -3087,4 +3087,29 @@ TEST_F(JsonFamilyTest, DepthLimitExceeded) { | |||
| ASSERT_THAT(resp, ErrArg("ERR failed to parse JSON")); | |||
| } | |||
|
|
|||
| TEST_F(JsonFamilyTest, RecursiveDescentMutation) { | |||
There was a problem hiding this comment.
Once you identified the problem you should find what is the minimum possible unit test that can help reproducing the problem. It's fine to add tests here but it's necessary to add tests to src/core/json/jsonpath_test.cc where you can reproduce it precisely and be able to iterate quickly.
vyavdoshenko
changed the title
vyavdoshenko
force-pushed
the
bobik/json_set_recursive_crash
branch
5 times, most recently
from
4f9afa5 to
f1ade14
Compare
romange
reviewed
May 2, 2025
src/core/json/detail/jsoncons_dfs.h
Outdated
| return depth_state_.first; | ||
| } | ||
|
|
||
| // Added getter for segment_step_ |
There was a problem hiding this comment.
no need to write "added" in code comments :)
also, this comment is redundant we do not need describing c++ one liners.
romange
reviewed
May 2, 2025
src/core/json/detail/jsoncons_dfs.cc
Outdated
| @@ -8,6 +8,8 @@ | |||
|
|
|||
| #include "core/json/detail/jsoncons_dfs.h" | |||
|
|
|||
| #include <set> | |||
There was a problem hiding this comment.
we use #include <absl/container/flat_hash_set.h> as drop in replacement
romange
reviewed
May 2, 2025
vyavdoshenko
force-pushed
the
bobik/json_set_recursive_crash
branch
from
f1ade14 to
71aa4c5
Compare
vyavdoshenko
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #5038
What's not working:
Using JSON.SET with recursive descent paths ($..) on nested JSON objects could lead to hangs or crashes. This occurred because the mutation logic could process the same node multiple times if it was discovered via different paths during the traversal.
How this PR fixes the issue:
This PR adjusts the iteration logic. When processing elements of an object or array targeted by a path segment, the code now correctly handles iterator advancement, especially after an element might have been modified or erased by the mutation callback. This ensures that each element within the target object/array is considered for mutation exactly once during that step, preventing infinite loops or incorrect processing that previously led to the crash/hang with $.. paths.