Merge pull request #1926 from ether/fix/no-connect-to-corrupt-pad

Fix a whole range of bugs related to corrupted changesets

2 files changed, 23 insertions, 19 deletions

diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js
index 4adf6002..e96f64eb 100644
--- a/src/node/handler/PadMessageHandler.js
+++ b/src/node/handler/PadMessageHandler.js
@@ -594,7 +594,7 @@ function handleUserChanges(data, cb)
         // defined in the accompanying attribute pool.
         Changeset.eachAttribNumber(changeset, function(n) {
           if (! wireApool.getAttrib(n)) {
-            throw "Attribute pool is missing attribute "+n+" for changeset "+changeset;
+            throw new Error("Attribute pool is missing attribute "+n+" for changeset "+changeset);
           }
         });
 
@@ -608,23 +608,22 @@ function handleUserChanges(data, cb)
             if(!attr) return
             attr = wireApool.getAttrib(attr)
             if(!attr) return
-            if('author' == attr[0] && attr[1] != thisSession.author) throw "Trying to submit changes as another author"
+            if('author' == attr[0] && attr[1] != thisSession.author) throw new Error("Trying to submit changes as another author in changeset "+changeset);
           })
         }
+        
+        //ex. adoptChangesetAttribs
+          
+        //Afaik, it copies the new attributes from the changeset, to the global Attribute Pool
+        changeset = Changeset.moveOpsToNewPool(changeset, wireApool, pad.pool);
       }
       catch(e)
       {
         // There is an error in this changeset, so just refuse it
-        console.warn("Can't apply USER_CHANGES "+changeset+", because: "+e);
         client.json.send({disconnect:"badChangeset"});
-        return callback();
+        return callback(new Error("Can't apply USER_CHANGES, because "+e.message));
       }
         
-      //ex. adoptChangesetAttribs
-        
-      //Afaik, it copies the new attributes from the changeset, to the global Attribute Pool
-      changeset = Changeset.moveOpsToNewPool(changeset, wireApool, pad.pool);
-        
       //ex. applyUserChanges
       apool = pad.pool;
       r = baseRev;
@@ -651,9 +650,8 @@ function handleUserChanges(data, cb)
             {
               changeset = Changeset.follow(c, changeset, false, apool);
             }catch(e){
-              console.warn("Can't apply USER_CHANGES "+changeset+", possibly because of mismatched follow error");
               client.json.send({disconnect:"badChangeset"});
-              return callback();
+              return callback(new Error("Can't apply USER_CHANGES, because "+e.message));
             }
 
             if ((r - baseRev) % 200 == 0) { // don't let the stack get too deep
@@ -674,9 +672,8 @@ function handleUserChanges(data, cb)
       
       if (Changeset.oldLen(changeset) != prevText.length) 
       {
-        console.warn("Can't apply USER_CHANGES "+changeset+" with oldLen " + Changeset.oldLen(changeset) + " to document of length " + prevText.length);
         client.json.send({disconnect:"badChangeset"});
-        return callback();
+        return callback(new Error("Can't apply USER_CHANGES "+changeset+" with oldLen " + Changeset.oldLen(changeset) + " to document of length " + prevText.length));
       }
         
       pad.appendRevision(changeset, thisSession.author);
@@ -700,7 +697,7 @@ function handleUserChanges(data, cb)
   ], function(err)
   {
     cb();
-    ERR(err);
+    if(err) console.warn(err.stack || err)
   });
 }
 
@@ -1006,11 +1003,17 @@ function handleClientReady(client, message)
       //This is a normal first connect
       else
       {
-        //prepare all values for the wire
-        var atext = Changeset.cloneAText(pad.atext);
-        var attribsForWire = Changeset.prepareForWire(atext.attribs, pad.pool);
-        var apool = attribsForWire.pool.toJsonable();
-        atext.attribs = attribsForWire.translated;
+        //prepare all values for the wire, there'S a chance that this throws, if the pad is corrupted
+        try {
+          var atext = Changeset.cloneAText(pad.atext);
+          var attribsForWire = Changeset.prepareForWire(atext.attribs, pad.pool);
+          var apool = attribsForWire.pool.toJsonable();
+          atext.attribs = attribsForWire.translated;
+        }catch(e) {
+          console.error(e.stack || e)
+          client.json.send({disconnect:"padCorrupted"});// pull the breaks
+          return callback();
+        }
         
         // Warning: never ever send padIds.padId to the client. If the
         // client is read only you would open a security hole 1 swedish
diff --git a/src/static/js/Changeset.js b/src/static/js/Changeset.js
index 5f3c0b60..06b24bcf 100644
--- a/src/static/js/Changeset.js
+++ b/src/static/js/Changeset.js
@@ -1504,6 +1504,7 @@ exports.moveOpsToNewPool = function (cs, oldPool, newPool) {
   return upToDollar.replace(/\*([0-9a-z]+)/g, function (_, a) {
     var oldNum = exports.parseNum(a);
     var pair = oldPool.getAttrib(oldNum);
+    if(!pair) exports.error('Can\'t copy unknown attrib (reference attrib string to non-existant pool entry). Inconsistent attrib state!');
     var newNum = newPool.putAttrib(pair);
     return '*' + exports.numToString(newNum);
   }) + fromDollar;