From 7fe6e6bbda0ab59e29f99c8fa29c06a050f2791b Mon Sep 17 00:00:00 2001
From: Egor Ivkov <e.o.ivkov@gmail.com>
Date: Wed, 20 Mar 2024 18:28:16 +0300
Subject: [PATCH] fix: missing check for mp type in xrow_decode_raft

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal
---
 src/box/xrow.c                      | 2 ++
 test/fuzz/xrow_decode_raft_fuzzer.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/box/xrow.c b/src/box/xrow.c
index 49e0863d30..397e236866 100644
--- a/src/box/xrow.c
+++ b/src/box/xrow.c
@@ -1461,6 +1461,8 @@ xrow_decode_raft(const struct xrow_header *row, struct raft_request *r,
 	memset(r, 0, sizeof(*r));
 
 	const char *pos = row->body[0].iov_base;
+	if (mp_typeof(*pos) != MP_MAP)
+		goto bad_msgpack;
 	uint32_t map_size = mp_decode_map(&pos);
 	for (uint32_t i = 0; i < map_size; ++i)
 	{
diff --git a/test/fuzz/xrow_decode_raft_fuzzer.c b/test/fuzz/xrow_decode_raft_fuzzer.c
index 554abb8dbb..3eac775ecd 100644
--- a/test/fuzz/xrow_decode_raft_fuzzer.c
+++ b/test/fuzz/xrow_decode_raft_fuzzer.c
@@ -37,6 +37,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	struct xrow_header row = {0};
 	row.body[0] = body;
 	row.bodycnt = 1;
+	row.type = IPROTO_RAFT;
+	row.group_id = GROUP_LOCAL;
 
 	struct raft_request request = {0};
 	struct vclock vclock = {0};
-- 
GitLab