Skip to content

Add NULL checks to prevent segfaults when Kafka metadata contains NULL #428

Merged
Kaushik Raina (k-raina) merged 7 commits intomasterfrom
kraina-fix-segfault-during-metadata
Feb 26, 2026
Merged

Add NULL checks to prevent segfaults when Kafka metadata contains NULL #428
Kaushik Raina (k-raina) merged 7 commits intomasterfrom
kraina-fix-segfault-during-metadata

Conversation

@k-raina
Copy link
Member

@k-raina Kaushik Raina (k-raina) commented Jan 6, 2026
edited
Loading

Problem

Application crashes with segmentation fault when calling AdminClient.describeTopics() during Kafka broker restarts. The crash occurs when converting node metadata to JavaScript objects.

Root Cause: During broker restarts, Kafka metadata can contain NULL node pointers or NULL host fields. The code dereferenced these NULL pointers without checks, causing segfaults.

Replication steps

  • Docker Compose environment: Start 3 Kafka brokers + ZooKeeper
  • Start Client which continuously calls describeTopics() every 500ms on 10 test topics
  • Run Chaos scripts ( like restart-brokers.sh) to trigger broker restarts/kills
  • During restarts: Kafka sends metadata updates with changing node information
  • When brokers go offline: node structures have NULL host fields
  • Native code converts nodes to JavaScript without NULL checks → segfault

Solution

Added defensive NULL checks in two functions:

  1. ToV8Object() - Check if node pointer and host field are NULL before accessing
  2. FromDescribeTopicsResult() - Check leader, ISR, and replica nodes for NULL before conversion

NULL values are now safely converted to JavaScript null instead of crashing.

Testing

Without Fix

➜  JavaScript_1_3_1_SEG_Fault_Repro-Modifie-2 cat client/logs/stderr.log
=========== Caught a Segmentation Fault [pid=76203] ===========
-----[ Native Stacktraces ]-----
Cannot unwind stacktraces: Feature disabled / Missing libunwind on your system

---[ V8 JavaScript Stacktraces ]---
============================================================

With Fix

  ➜  JavaScript_1_3_1_SEG_Fault_Repro-Modifie-2 cat client/logs/stderr.log
➜  JavaScript_1_3_1_SEG_Fault_Repro-Modifie-2

No segfault noticed

@k-raina Kaushik Raina (k-raina) requested a review from a team as a code owner January 6, 2026 16:57
Copilot AI review requested due to automatic review settings January 6, 2026 16:57
@k-raina Kaushik Raina (k-raina) requested a review from a team as a code owner January 6, 2026 16:57
Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds NULL pointer checks to prevent segmentation faults when Kafka metadata contains NULL values during broker restarts or metadata updates.

  • Adds NULL checks for node pointers and host fields in ToV8Object()
  • Adds NULL checks for leader, ISR, and replica nodes in FromDescribeTopicsResult()
  • Fixes memory leaks by destroying partition lists when validation fails

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/common.cc
Comment on lines +557 to +563
if (offsetValue->IsObject()) {
v8::Local<v8::Object> offsetObject = offsetValue.As<v8::Object>();
int64_t offset = GetParameter<int64_t>(offsetObject, "timestamp", 0);
toppar->offset = offset;
} else {
toppar->offset = 0;
}
Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic extracts a 'timestamp' parameter from the offset object but assigns it to toppar->offset. This is confusing - if the parameter name is 'timestamp', consider renaming the local variable to timestamp for clarity, or verify that 'timestamp' is the correct parameter name to extract.

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@emasab Emanuele Sabellico (emasab) Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great, it solves an unhandled exception in case you pass an object without the offset property.

@airlock-confluentinc airlock-confluentinc bot force-pushed the kraina-fix-segfault-during-metadata branch from efdc2cf to 83ed71d Compare February 17, 2026 12:40
PratRanj07
Pratyush Ranjan (PratRanj07) requested changes Feb 24, 2026
View reviewed changes
PratRanj07
Pratyush Ranjan (PratRanj07) approved these changes Feb 25, 2026
View reviewed changes
Copy link
Contributor

@PratRanj07 Pratyush Ranjan (PratRanj07) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@k-raina @claude
Add CHANGELOG entry for v1.8.1 segfault fix
9febe2c 
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
emasab
Emanuele Sabellico (emasab) requested changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@emasab Emanuele Sabellico (emasab) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks both! Sent these comments.

src/common.cc
Comment on lines +557 to +563
if (offsetValue->IsObject()) {
v8::Local<v8::Object> offsetObject = offsetValue.As<v8::Object>();
int64_t offset = GetParameter<int64_t>(offsetObject, "timestamp", 0);
toppar->offset = offset;
} else {
toppar->offset = 0;
}
Copy link
Contributor

@emasab Emanuele Sabellico (emasab) Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great, it solves an unhandled exception in case you pass an object without the offset property.

emasab
Emanuele Sabellico (emasab) approved these changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@emasab Emanuele Sabellico (emasab) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks Kaushik, just run the linter as it's failing in the CI.

PratRanj07
Pratyush Ranjan (PratRanj07) approved these changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@PratRanj07 Pratyush Ranjan (PratRanj07) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks Kaushik Raina (@k-raina) !

@k-raina Kaushik Raina (k-raina) merged commit b7d191e into master Feb 26, 2026
2 checks passed
@k-raina Kaushik Raina (k-raina) deleted the kraina-fix-segfault-during-metadata branch February 26, 2026 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@emasab Emanuele Sabellico (emasab) emasab approved these changes

@PratRanj07 Pratyush Ranjan (PratRanj07) PratRanj07 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@k-raina @emasab @PratRanj07