I got a large corpus of various crashes in the set internals code tripping over expressions that should not exist, e.g. a range expression with a symbolic expression. >From initial investigation it looks like to root cause is the same, we have back-to-back declarations of the same set name, evaluation is returning errors, but we instist to continue evaluation. Then, we try to merge set elements and end up merging such a 'redefined set' with an erroneous one. This series adds an initial assertion which helped to make crashes easier to backtrace. Second patch adds a 'errors' flag to struct set and raises it once we saw soemthing funky. Patch 3 also sets/uses this when evaluating the set itself. Alternative would be to make the lowlevel code more robust of these kinds of issues, but that might take a while to fix, also because this oce is partially not able to indicate errors. Florian Westphal (3): intervals: BUG on prefix expressions without value src: do not merge a set with a erroneous one evaluate: don't assert if set->data is NULL include/rule.h | 2 ++ src/evaluate.c | 17 +++++++++++++++-- src/intervals.c | 5 ++++- .../nft-f/expr_evaluate_mapping_no_data_assert | 4 ++++ .../bogons/nft-f/invalid_range_expr_type_binop | 12 ++++++++++++ 5 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 tests/shell/testcases/bogons/nft-f/expr_evaluate_mapping_no_data_assert create mode 100644 tests/shell/testcases/bogons/nft-f/invalid_range_expr_type_binop -- 2.41.0
