[builders] Patch librdkafka use-after-free in admin coord_request error path #23240
piochelepiotr wants to merge 1 commit into master
…or path
Apply upstream fix (confluentinc/librdkafka#5397) for a use-after-free bug in rd_kafka_admin_coord_request() that causes process abort with assertion failure on eonce->refcnt.
Affects DescribeConsumerGroups, DeleteConsumerGroupOffsets, ListConsumerGroupOffsets and similar coordinator-targeted Admin API operations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1480f74f91
| VERSION="${kafka_version}" \ | ||
| SHA256="14972092e4115f6e99f798a7cb420cbf6daa0c73502b3c52ae42fb5b418eea8f" \ | ||
| RELATIVE_PATH="librdkafka-{{version}}" \ | ||
| PATCHES="librdkafka-fix-coord-request-uaf.patch" \ |
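Review bot: The PATCHES line has no comment tying it to the upstream fix or to the librdkafka version it was written against. VERSION comes from ${kafka_version}, so a later bump to a release that already contains confluentinc/librdkafka#5397 would leave a stale entry here. Add a one-line comment above PATCHES naming the upstream PR and stating that the entry should be dropped once kafka_version moves to a release that includes the fix.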
Apply coordinator UAF patch to all librdkafka builders
This change only wires PATCHES="librdkafka-fix-coord-request-uaf.patch" into the Linux builders, but the same librdkafka source/version is also built in macOS (.builders/images/macos/extra_build.sh) and Windows (.builders/images/windows-x86_64/build_script.ps1). Because the use-after-free is in shared C code, those platform wheels remain vulnerable to the same coordinator-request crash path (send failure followed by rd_kafka_enq_once_del_source_return assertion), so the fix is incomplete unless those builders are patched as well.
Yes. It's a pretty rare bug. So going to fix macos via the official librdkafka library release. Doing linux now because it has immediate impact.
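A check for the coverage gap discussed in the review thread above, as an added example that is not part of the pull request or the repository: it lists builder scripts that mention librdkafka but do not reference the patch file. The function names, the "mentions librdkafka" heuristic and the sample file contents are assumptions; only the paths and the patch name come from this page.

```bash
#!/usr/bin/env bash
# Added example (not from the PR): report builder scripts that build
# librdkafka without referencing the coordinator UAF patch.
PATCH_NAME="librdkafka-fix-coord-request-uaf.patch"

# Print, relative to $1, each file that mentions librdkafka but not the patch.
# Heuristic (assumption): a builder "builds librdkafka" if it names it at all.
unpatched_builders() {
    root=$1
    grep -rl -- 'librdkafka' "$root" 2>/dev/null | sort | while IFS= read -r f; do
        case $f in */patches/*) continue ;; esac   # skip the patch file itself
        grep -qF -- "$PATCH_NAME" "$f" || printf '%s\n' "${f#"$root"/}"
    done
}

# Constructed sample tree using the paths named in this thread; the file
# contents are invented stand-ins, not the repository's real scripts.
make_sample_tree() {
    b=$1/images
    mkdir -p "$b/linux-x86_64" "$b/linux-aarch64" "$b/macos" "$b/windows-x86_64" "$1/patches"
    for arch in linux-x86_64 linux-aarch64; do
        printf 'RELATIVE_PATH="librdkafka-{{version}}" \\\nPATCHES="%s" \\\n' \
            "$PATCH_NAME" > "$b/$arch/build_script.sh"
    done
    echo '# builds librdkafka from source (constructed)' > "$b/macos/extra_build.sh"
    echo '# builds librdkafka from source (constructed)' > "$b/windows-x86_64/build_script.ps1"
    echo 'diff for librdkafka (constructed)' > "$1/patches/$PATCH_NAME"
}

# Stand-alone run: scan the directory given as $1, else the sample tree.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    unpatched_builders "$1"
else
    demo=$(mktemp -d)
    make_sample_tree "$demo/.builders"
    unpatched_builders "$demo/.builders"
    rm -rf "$demo"
fi
```

Run against a checkout as `./check.sh .builders` (the script name is hypothetical). An empty result means every file that names librdkafka also names the patch.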
Summary
- rd_kafka_admin_coord_request() that causes process abort with rd_kafka_enq_once_del_source_return: Assertion 'eonce->refcnt > 0' failed
- DescribeConsumerGroups, DeleteConsumerGroupOffsets, ListConsumerGroupOffsets, etc.
Motivation
The bug triggers when a coordinator-targeted admin request fails to send (API version mismatch or connection disruption). The error path prematurely frees the eonce object while the caller still holds a reference, leading to use-after-free and assertion failure.
This is not yet included in a released librdkafka version, so we apply it as a patch during the build using the existing install-from-source.sh PATCHES mechanism.
Changes
- .builders/patches/librdkafka-fix-coord-request-uaf.patch — the upstream fix from admin: fix use-after-free in coord_request error path confluentinc/librdkafka#5397
- .builders/images/linux-x86_64/build_script.sh — apply patch during librdkafka build
- .builders/images/linux-aarch64/build_script.sh — same
Test plan
🤖 Generated with Claude Code