[tarantool-patches] [PATCH v1 1/1] sql: proper check for index in vdbe_emit_constraint_checks()

[imeevma at tarantool.org]

Index received in function vdbe_emit_constraint_checks() wasn't
checked properly. It lead to segmentation fault when INSERT and
DROP TABLE executed simultaneously for the same table.

Closes #3780
---
Issue: https://github.com/tarantool/tarantool/issues/3780
Branch: https://github.com/tarantool/tarantool/tree/imeevma/gh-3780-proper-index-check

 src/box/sql/insert.c     | 24 +++++++++++++-----------
 test/sql/errinj.result   | 33 +++++++++++++++++++++++++++++++++
 test/sql/errinj.test.lua | 12 ++++++++++++
 3 files changed, 58 insertions(+), 11 deletions(-)

diff --git a/src/box/sql/insert.c b/src/box/sql/insert.c
index fd05c02..45f59b1 100644
--- a/src/box/sql/insert.c
+++ b/src/box/sql/insert.c
@@ -983,18 +983,20 @@ vdbe_emit_constraint_checks(struct Parse *parse_context, struct Table *tab,
 	 * strict typing.
 	 */
 	struct index *pk = space_index(tab->space, 0);
-	uint32_t part_count = pk->def->key_def->part_count;
-	if (part_count == 1) {
-		uint32_t fieldno = pk->def->key_def->parts[0].fieldno;
-		int reg_pk = new_tuple_reg + fieldno;
-		if (def->fields[fieldno].affinity == AFFINITY_INTEGER) {
-			int skip_if_null = sqlite3VdbeMakeLabel(v);
-			if (autoinc_fieldno != UINT32_MAX) {
-				sqlite3VdbeAddOp2(v, OP_IsNull, reg_pk,
-						  skip_if_null);
+	if (pk != NULL) {
+		uint32_t part_count = pk->def->key_def->part_count;
+		if (part_count == 1) {
+			uint32_t fieldno = pk->def->key_def->parts[0].fieldno;
+			int reg_pk = new_tuple_reg + fieldno;
+			if (def->fields[fieldno].affinity == AFFINITY_INTEGER) {
+				int skip_if_null = sqlite3VdbeMakeLabel(v);
+				if (autoinc_fieldno != UINT32_MAX) {
+					sqlite3VdbeAddOp2(v, OP_IsNull, reg_pk,
+							  skip_if_null);
+				}
+				sqlite3VdbeAddOp2(v, OP_MustBeInt, reg_pk, 0);
+				sqlite3VdbeResolveLabel(v, skip_if_null);
 			}
-			sqlite3VdbeAddOp2(v, OP_MustBeInt, reg_pk, 0);
-			sqlite3VdbeResolveLabel(v, skip_if_null);
 		}
 	}
 	/*
diff --git a/test/sql/errinj.result b/test/sql/errinj.result
index cb993f8..beceafb 100644
--- a/test/sql/errinj.result
+++ b/test/sql/errinj.result
@@ -280,3 +280,36 @@ errinj.set("ERRINJ_WAL_IO", false)
 box.sql.execute("DROP TABLE t3;")
 ---
 ...
+-- gh-3780: Segmentation fault with two users changing the same
+-- SQL table
+box.sql.execute('create table test (id int primary key)')
+---
+...
+errinj.set("ERRINJ_WAL_DELAY", true)
+---
+- ok
+...
+function execute_yield_drop_table() box.sql.execute("drop table test") end
+---
+...
+f1 = fiber.create(execute_yield_drop_table)
+---
+...
+while f1:status() ~= 'suspended' do fiber.sleep(0) end
+---
+...
+box.sql.execute("insert into test values (1)")
+---
+- error: 'No index #0 is defined in space ''TEST'''
+...
+errinj.set("ERRINJ_WAL_DELAY", false)
+---
+- ok
+...
+while f1:status() ~= 'dead' do fiber.sleep(0) end
+---
+...
+box.sql.execute("drop table test")
+---
+- error: 'no such table: TEST'
+...
diff --git a/test/sql/errinj.test.lua b/test/sql/errinj.test.lua
index fa7f9f2..a66a812 100644
--- a/test/sql/errinj.test.lua
+++ b/test/sql/errinj.test.lua
@@ -97,3 +97,15 @@ box.sql.execute("ALTER TABLE t3 DROP CONSTRAINT fk1;")
 box.sql.execute("INSERT INTO t3 VALUES(1, 1, 3);")
 errinj.set("ERRINJ_WAL_IO", false)
 box.sql.execute("DROP TABLE t3;")
+
+-- gh-3780: Segmentation fault with two users changing the same
+-- SQL table
+box.sql.execute('create table test (id int primary key)')
+errinj.set("ERRINJ_WAL_DELAY", true)
+function execute_yield_drop_table() box.sql.execute("drop table test") end
+f1 = fiber.create(execute_yield_drop_table)
+while f1:status() ~= 'suspended' do fiber.sleep(0) end
+box.sql.execute("insert into test values (1)")
+errinj.set("ERRINJ_WAL_DELAY", false)
+while f1:status() ~= 'dead' do fiber.sleep(0) end
+box.sql.execute("drop table test")
-- 
2.7.4