Handle null group name to prevent segfault in Admin list_consumer_group_offsets()

[fangnx]

What

Problem

User reported a segmentation fault when calling list_consumer_group_offsets() on non-existing consumer groups in v2.10.0. The process crashed instead of raising an exception.

Investigation

Normal behavior verified: When calling list_consumer_group_offsets() on a non-existing group, the API successfully returns an empty list (

confluent-kafka-python/src/confluent_kafka/src/Admin.c

Line 5011 in 06c0744

result = Admin_c_GroupResults_to_py(c_list_group_offset_res_responses,

). This is the expected behavior - Kafka/librdkafka does not treat a non-existing consumer group as an error condition.

Why the segfault occur (theory): Since the normal "non-existing group" path works correctly, the crash must occur in error scenarios where librdkafka encounters internal failures. Through code analysis, we identified a vulnerability: the C binding passes rd_kafka_group_result_name() directly to PyUnicode_FromString() without NULL checking (

confluent-kafka-python/src/confluent_kafka/src/Admin.c

Line 4539 in 06c0744

cfl_PyDict_SetString(kwargs, "group_id", rd_kafka_group_result_name(c_group_result_response));

):

• If rd_kafka_group_result_name() returns NULL (possible in edge cases like network timeouts, coordinator unavailability, broker communication failures, or race conditions in error handling), this causes a NULL pointer dereference in PyUnicode_FromString(), resulting in SIGSEGV.

Solution

In Admin_c_SingleGroupResult_to_py(), add defensive check for NULL group_name.

Checklist

• Contains customer facing changes? Including API/behavior changes
• Did you add sufficient unit test and/or integration test coverage for this PR?
  • If not, please explain why it is not required

References

JIRA: https://confluentinc.atlassian.net/browse/NONJAVACLI-4100
Issue: #1982

Test & Review

Open questions / Follow-ups

[confluent-cla-assistant]

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

[Copilot]

Pull Request Overview

This PR adds defensive NULL checking to prevent a segmentation fault when rd_kafka_group_result_name() returns NULL during error conditions in the list_consumer_group_offsets() admin operation.

Key Changes:

• Added NULL pointer validation for group names returned by librdkafka before passing to Python string conversion functions
• Proper error handling with resource cleanup (DECREF) when NULL is encountered

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The error message 'Received NULL group name from librdkafka' doesn't provide actionable information to users. Consider including guidance such as 'Internal error: received NULL group name from librdkafka. This may indicate a broker communication failure or coordinator unavailability.'

Suggested change

	"Received NULL group name from librdkafka");
	"Internal error: received NULL group name from librdkafka. This may indicate a broker communication failure or coordinator unavailability.");

[Copilot]

Using RD_KAFKA_RESP_ERR__INVALID_ARG may be misleading since this is an internal/unexpected error rather than invalid user input. Consider using RD_KAFKA_RESP_ERR__FAIL or RD_KAFKA_RESP_ERR__STATE to better represent an internal error condition.

Suggested change

	cfl_PyErr_Format(RD_KAFKA_RESP_ERR__INVALID_ARG,
	cfl_PyErr_Format(RD_KAFKA_RESP_ERR__FAIL,

[sonarqube-confluent]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[Copilot]

Pull Request Overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.