crash when trying to erase an object with a null link

[sync-by-unito]

Investigating a realm sync fuzzer failure (REALMC-10073), discovered that this is likely an issue with the core binary.

This occurs when issuing the following (see the attached json file for a minimal reproduction with the realm sync fuzzer)

1. CreateObject
2. ArrayInsert of a null link
3. EraseObject

steps 1+2 together work fine, and steps 1+3 alone work as well. However, all 3 together cause the following error:
libc++abi.dylib: terminating with uncaught exception of type realm::KeyNotFound: No object with key '-2' in 'class_jl'

Please let me know if there's any other information I can provide

[sync-by-unito]

➤ Jonathan Reams commented:

[~sudarshan.muralidhar], looking at the JSON file, I don't see an EraseObject instruction. Is something missing here?

[sync-by-unito]

➤ Sudarshan Muralidhar commented:

[~jonathan.reams] my bad. please check again, i updated the file

[sync-by-unito]

➤ Jonathan Reams commented:

What are the schema instructions for the table you're interacting with? It looks like the primary key _id should be a non-null UUID, but is null in the instructions that cause the crash. Also is the list element a list of nullable links to the same collection? So there's a circular reference between the object you're deleting and a link in the list?

[sync-by-unito]

➤ Sudarshan Muralidhar commented:

1. primary key _id should be a uuid, but i dont think it has to be non-null?
2. yeah the link points at the object itself (same table, id=null), which certainly could be why things are getting confused. However, I'd imagine that if this link were illegal, we should get some error when just trying to create the link - not when we try to erase the object later.

[sync-by-unito]

➤ Jonathan Reams commented:

Gotcha, I was able to reproduce this with this minimal test case

TEST(LinkList_Self_Reference)
{
    Group group;
    auto target = group.add_table_with_primary_key("table", type_UUID, "_id", true);
    auto list_col = target->add_column_list(*target, "links");

    auto obj = target->create_object_with_primary_key(Mixed{});
    auto lnk_lst = obj.get_linklist(list_col);
    lnk_lst.insert(0, obj.get_key());
    target->invalidate_object(obj.get_key());
}

[sync-by-unito]

➤ Jonathan Reams commented:

The full backtrace for the exception is:

  * frame #0: 0x00007fff20359b3e libc++abi.dylib`__cxa_throw
    frame #1: 0x000000010104d346 realm-tests`realm::ClusterNode::get(this=0x0000000104920220, k=(value = -2), state=0x00007ffeefbfbdc8) const at cluster.cpp:67:9
    frame #2: 0x00000001010756e8 realm-tests`realm::ClusterTree::get(this=0x000000010580c1d0, k=(value = -2)) const at cluster_tree.cpp:919:13
    frame #3: 0x00000001000c0f3b realm-tests`realm::TableClusterTree::get(this=0x000000010580c1d0, k=(value = -2)) const at table_cluster_tree.hpp:38:35
    frame #4: 0x00000001010ffc32 realm-tests`realm::ClusterColumn::get_value(this=0x0000000104920308, key=(value = -2)) const at index_string.cpp:59:35
    frame #5: 0x000000010110410d realm-tests`realm::StringIndex::get(this=0x0000000104920300, key=(value = -2)) const at index_string.cpp:1109:28
    frame #6: 0x00000001011ad72e realm-tests`void realm::StringIndex::set<realm::null>(this=0x0000000104920300, key=(value = -2), new_value=null @ 0x00007ffeefbfbfc8) at index_string.hpp:432:23
    frame #7: 0x00000001011a144f realm-tests`realm::Obj::set_null(this=0x00007ffeefbfc6e0, col_key=(value = 68222976), is_default=false) at obj.cpp:2263:20
    frame #8: 0x00000001011a1ada realm-tests`realm::Obj::set_any(this=0x00007ffeefbfc6e0, col_key=(value = 68222976), value=Mixed @ 0x00007ffeefbfc3e8, is_default=false) at obj.cpp:1335:9
    frame #9: 0x00000001011ad4d8 realm-tests`realm::Obj::assign_pk_and_backlinks(this=0x00007ffeefbfc6e0, other=0x00007ffeefbfc6a0) at obj.cpp:2114:15
    frame #10: 0x000000010126a71e realm-tests`realm::Table::invalidate_object(this=0x000000010580be00, key=(value = 0)) at table.cpp:3390:19
    frame #11: 0x00000001009d42e1 realm-tests`Realm_UnitTest__LinkList_Self_Reference::test_run(this=0x00007ffeefbfcc30) at test_links.cpp:729:13
    frame #12: 0x00000001009f6f62 realm-tests`realm::test_util::unit_test::RegisterTest<Realm_UnitTest__LinkList_Self_Reference>::run_test(test_context=0x00007ffeefbfcd28) at unit_test.hpp:615:14
    frame #13: 0x0000000100dd8347 realm-tests`realm::test_util::unit_test::TestList::ThreadContextImpl::run(this=0x00007ffeefbfde68, entry=Entry @ 0x00007ffeefbfcd80, lock=0x00007ffeefbfcdf8) at unit_test.cpp:759:9
    frame #14: 0x0000000100dd7dd0 realm-tests`realm::test_util::unit_test::TestList::ThreadContextImpl::nonconcur_run(this=0x00007ffeefbfde68) at unit_test.cpp:743:9
    frame #15: 0x0000000100dd668a realm-tests`realm::test_util::unit_test::TestList::run(this=0x00000001014fce38, config=Config @ 0x00007ffeefbfe250) at unit_test.cpp:656:24
    frame #16: 0x000000010070fb7d realm-tests`(anonymous namespace)::run_tests(logger=0x0000000000000000) at test_all.cpp:556:25
    frame #17: 0x000000010070dba9 realm-tests`test_all(argc=1, argv=0x00007ffeefbff118, logger=0x0000000000000000, disable_all_sync_to_disk=true) at test_all.cpp:614:20
    frame #18: 0x0000000100dcfa32 realm-tests`main(argc=1, argv=0x00007ffeefbff118) at main.cpp:58:12
    frame #19: 0x00007fff203aff5d libdyld.dylib`start + 1
    frame #20: 0x00007fff203aff5d libdyld.dylib`start + 1