SDK 3.0.7 - Segmentation fault calling viewQuery

Hi,

Ubuntu 18.04
SDK 3.0.7
Couchbase 6.6.0 Community edition

I am getting a segmentation fault when passing a “keys” array of a certain size to bucket.viewQuery().
When I say a certain size, this seems to be the bytesize of the keys array, not the number of keys.
I have created a very simple view. The definition of this view isn’t actually important, nor is the data in the bucket. The view just emits meta.id.

If I call this view with a keys array containing 77 values totalling around 2590 bytes, I get a segmentation fault. If I decrease this size slightly by either reducing the number or length of the keys, it works. If I increase the size by increasing either the number or length of keys, it doesn’t crash but I get the error LCB_ERR_VALUE_TOO_LARGE. There’s just this sweet spot in the middle that causes a seg fault.

In this test, none of the keys actually exist in the bucket (they’re just random strings I create for this test) but I don’t think that should matter.

I get this crash on all SDK versions from 3.0.0 to the latest (3.0.7). I have also tried Couchbase 6.0.0 and 6.6.0.
Before upgrading to 3.0.7 I was using 2.6 and I could do a view for any number of keys with no problem (I used to request 250 at a time and didn’t see a VALUE_TOO_LARGE error).

Please see the code below, that I am using to produce this error. You may need to modify NUM or KEYSIZE to cause a crash.

var couchbase = require('couchbase');
const SegfaultHandler = require('segfault-handler');

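// Main processing.
// Reproduction script: builds NUM synthetic keys and passes them to
// bucket.viewQuery(). The reported fault is raised inside the native addon,
// so neither try/catch nor the promise's .catch() can observe it; the
// segfault-handler registration below is what captures the native stack.
(function() {
  /**
   * Estimates the in-memory size of an array of strings.
   *
   * Counts two bytes per UTF-16 code unit, so the result approximates the
   * JavaScript string size, not the encoded request that the SDK sends.
   *
   * @param {string[]} arr - Keys to measure.
   * @returns {number} Estimated total size in bytes.
   */
  function bytesize(arr) {
    // The callback parameter is named `key` so it no longer shadows `arr`.
    return arr.reduce((total, key) => total + (key.length * 2), 0);
  }

  // Ask segfault-handler to record the native stack (crash.log) if the
  // process receives a fatal signal.
  SegfaultHandler.registerHandler('crash.log');

  // Credentials of a throwaway local test cluster; substitute your own and
  // keep real credentials out of scripts that get posted publicly.
  const cluster = new couchbase.Cluster("couchbase://localhost", {
    username: "Administrator",
    password: "password"
  });
  const bucket = cluster.bucket("mybucket");

  // Tune these two values to move the total key size into or out of the
  // range that triggers the fault.
  const NUM = 77;
  const KEYSIZE = 10;
  const keys = [];
  for (let i = 0; i < NUM; i++) {
    // Array(n).join(s) yields n - 1 copies of s, so each key is the decimal
    // index repeated KEYSIZE - 1 times.
    keys.push(Array(KEYSIZE).join(String(i)));
  }

  console.log(`Keys array: ${NUM} keys, size ${bytesize(keys)} bytes`);

  return bucket.viewQuery("giles", "test", { keys }).then(results => {
    console.log("viewQuery results", results);

    cluster.close();
  }).catch(err => {
    console.log("*** ERR", err);

    // Release the connection on the failure path as well, so a rejected
    // query (for example LCB_ERR_VALUE_TOO_LARGE) does not leave it open.
    cluster.close();
  });
})();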

This code uses segfault-handler to output a stack. This is the output:

/lib/x86_64-linux-gnu/libpthread.so.0(+0x128a0)[0x7f35494f18a0]
/lib/x86_64-linux-gnu/libc.so.6(+0x18e837)[0x7f354927c837]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x2143)[0x7f354914b563]
/lib/x86_64-linux-gnu/libc.so.6(vsnprintf+0x90)[0x7f3549176980]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN9couchnode6Logger7handlerEjPKciS2_iS2_P13__va_list_tag+0xab)[0x7f35425038cb]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN9couchnode6Logger10lcbHandlerEPK11lcb_LOGGER_mPKc16lcb_LOG_SEVERITYS5_iS5_P13__va_list_tag+0x51)[0x7f3542503e21]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(lcb_log+0x94)[0x7f35425764f4]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN3lcb4http7Request6submitEv+0x1a4)[0x7f3542510de4]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN3lcb4http7Request6createEP6lcb_stPKvPK12lcb_CMDHTTP_P10lcb_STATUS+0x23b)[0x7f35425128ab]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(lcb_http+0x11)[0x7f3542512a01]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN16lcb_VIEW_HANDLE_C1EP6lcb_stPKvPK12lcb_CMDVIEW_+0x301)[0x7f35425599d1]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(lcb_view+0x36)[0x7f3542559d66]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(_ZN9couchnode10Connection11fnViewQueryERKN3Nan20FunctionCallbackInfoIN2v85ValueEEE+0x596)[0x7f35424f8ba6]
/Users/giles/Documents/git/ceanpouch/build/node_modules/couchbase/build/Release/couchbase_impl.node(+0x55767)[0x7f35424fc767]
node[0xb8e6af]
node(_ZN2v88internal21Builtin_HandleApiCallEiPPNS0_6ObjectEPNS0_7IsolateE+0xb9)[0xb8f219]
[0xf7dbaedbe1d]
Segmentation fault (core dumped)

Thanks,
Giles

@ericb , @brett19 can you please assist

Hi @AV25242 ,

Has anyone had a chance to look into this?

Thanks,
Giles

Hello @giles, there was a fix for a segmentation fault in 3.1, which was released yesterday, and a similar forum post discusses it. Can you see if this helps?


Hi @AV25242, thanks for the reply. I have tested 3.1.0 and I no longer see this seg fault.

Cheers,
Giles


@giles sorry for the delay and glad that it helped :slight_smile: :slight_smile:
