Handle null group name to prevent segfault in Admin list_consumer_group_offsets() #2118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

fangnx wants to merge 2 commits into master

from handle-null-group-res

Open

Handle null group name to prevent segfault in Admin list_consumer_group_offsets() #2118

fangnx wants to merge 2 commits into master from handle-null-group-res

+10 −1

Conversation

@fangnx

Copy link

Member

@fangnx fangnx commented Oct 31, 2025 •

edited

Loading

What

Problem

User reported a segmentation fault when calling list_consumer_group_offsets() on non-existing consumer groups in v2.10.0. The process crashed instead of raising an exception.

Investigation

Normal behavior verified: When calling list_consumer_group_offsets() on a non-existing group, the API successfully returns an empty list (

confluent-kafka-python/src/confluent_kafka/src/Admin.c

Line 5011 in 06c0744

result = Admin_c_GroupResults_to_py(c_list_group_offset_res_responses,

). This is the expected behavior - Kafka/librdkafka does not treat a non-existing consumer group as an error condition.

Why the segfault occur (theory): Since the normal "non-existing group" path works correctly, the crash must occur in error scenarios where librdkafka encounters internal failures. Through code analysis, we identified a vulnerability: the C binding passes rd_kafka_group_result_name() directly to PyUnicode_FromString() without NULL checking (

confluent-kafka-python/src/confluent_kafka/src/Admin.c

Line 4539 in 06c0744

cfl_PyDict_SetString(kwargs, "group_id", rd_kafka_group_result_name(c_group_result_response));

If rd_kafka_group_result_name() returns NULL (possible in edge cases like network timeouts, coordinator unavailability, broker communication failures, or race conditions in error handling), this causes a NULL pointer dereference in PyUnicode_FromString(), resulting in SIGSEGV.

Solution

In Admin_c_SingleGroupResult_to_py(), add defensive check for NULL group_name.

Checklist

Contains customer facing changes? Including API/behavior changes
Did you add sufficient unit test and/or integration test coverage for this PR?
- If not, please explain why it is not required

References

JIRA: https://confluentinc.atlassian.net/browse/NONJAVACLI-4100
Issue: #1982

Test & Review

Open questions / Follow-ups

@fangnx


 update

79efd72

Copilot AI review requested due to automatic review settings

October 31, 2025 15:56

@fangnx fangnx requested review from a team and MSeal as code owners

October 31, 2025 15:56

@confluent-cla-assistant

Copy link

confluent-cla-assistant bot commented Oct 31, 2025

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

Copilot AI reviewed

Oct 31, 2025

View reviewed changes

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds defensive NULL checking to prevent a segmentation fault when rd_kafka_group_result_name() returns NULL during error conditions in the list_consumer_group_offsets() admin operation.

Key Changes:

Added NULL pointer validation for group names returned by librdkafka before passing to Python string conversion functions
Proper error handling with resource cleanup (DECREF) when NULL is encountered

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/confluent_kafka/src/Admin.c

const char *group_name = rd_kafka_group_result_name(c_group_result_response);

if (!group_name) {

cfl_PyErr_Format(RD_KAFKA_RESP_ERR__INVALID_ARG,

"Received NULL group name from librdkafka");

Copy link

Copilot AI Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message 'Received NULL group name from librdkafka' doesn't provide actionable information to users. Consider including guidance such as 'Internal error: received NULL group name from librdkafka. This may indicate a broker communication failure or coordinator unavailability.'

Suggested change

"Received NULL group name from librdkafka");

"Internal error: received NULL group name from librdkafka. This may indicate a broker communication failure or coordinator unavailability.");

Copilot uses AI. Check for mistakes.

src/confluent_kafka/src/Admin.c Outdated

/* Safely handle potential NULL group name from librdkafka */

const char *group_name = rd_kafka_group_result_name(c_group_result_response);

if (!group_name) {

cfl_PyErr_Format(RD_KAFKA_RESP_ERR__INVALID_ARG,

Copy link

Copilot AI Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using RD_KAFKA_RESP_ERR__INVALID_ARG may be misleading since this is an internal/unexpected error rather than invalid user input. Consider using RD_KAFKA_RESP_ERR__FAIL or RD_KAFKA_RESP_ERR__STATE to better represent an internal error condition.

Suggested change

cfl_PyErr_Format(RD_KAFKA_RESP_ERR__INVALID_ARG,

cfl_PyErr_Format(RD_KAFKA_RESP_ERR__FAIL,