[tarantool-patches] [PATCH v1 05/10] sql: EXPLAIN through net.box leads to SEGFAULT

[imeevma at tarantool.org]

EXPLAIN envokes SEGMENTATION FAULT when being executed through
net.box. It happens due to column type of the result of this
function being NULL.

Needed for #3505
---
 src/box/execute.c        | 11 +++++++----
 src/box/lua/net_box.c    | 15 ++++++++-------
 test/sql/iproto.result   | 11 +++++++++++
 test/sql/iproto.test.lua |  9 ++++++++-
 4 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/src/box/execute.c b/src/box/execute.c
index 80ad655..da2f09c 100644
--- a/src/box/execute.c
+++ b/src/box/execute.c
@@ -468,15 +468,18 @@ sql_get_description(struct sqlite3_stmt *stmt, struct vstream *stream,
 		 * column_name simply returns them.
 		 */
 		assert(name != NULL);
-		vstream_encode_map(stream, 2);
+		int map_size = (type == NULL) ? 1 : 2;
+		vstream_encode_map(stream, map_size);
 
 		vstream_encode_enum(stream, IPROTO_FIELD_NAME, "name");
 		vstream_encode_str(stream, name);
 		vstream_encode_map_commit(stream);
 
-		vstream_encode_enum(stream, IPROTO_FIELD_TYPE, "type");
-		vstream_encode_str(stream, type);
-		vstream_encode_map_commit(stream);
+		if (map_size == 2) {
+			vstream_encode_enum(stream, IPROTO_FIELD_TYPE, "type");
+			vstream_encode_str(stream, type);
+			vstream_encode_map_commit(stream);
+		}
 
 		vstream_encode_array_commit(stream, i);
 	}
diff --git a/src/box/lua/net_box.c b/src/box/lua/net_box.c
index c7063d9..342c6a7 100644
--- a/src/box/lua/net_box.c
+++ b/src/box/lua/net_box.c
@@ -644,8 +644,7 @@ netbox_decode_metadata(struct lua_State *L, const char **data)
 	lua_createtable(L, count, 0);
 	for (uint32_t i = 0; i < count; ++i) {
 		uint32_t map_size = mp_decode_map(data);
-		assert(map_size == 2);
-		(void) map_size;
+		assert(map_size == 1 || map_size == 2);
 		uint32_t key = mp_decode_uint(data);
 		assert(key == IPROTO_FIELD_NAME);
 		(void) key;
@@ -654,11 +653,13 @@ netbox_decode_metadata(struct lua_State *L, const char **data)
 		const char *str = mp_decode_str(data, &len);
 		lua_pushlstring(L, str, len);
 		lua_setfield(L, -2, "name");
-		key = mp_decode_uint(data);
-		assert(key == IPROTO_FIELD_TYPE);
-		const char *type = mp_decode_str(data, &len);
-		lua_pushlstring(L, type, len);
-		lua_setfield(L, -2, "type");
+		if (map_size == 2) {
+			key = mp_decode_uint(data);
+			assert(key == IPROTO_FIELD_TYPE);
+			const char *type = mp_decode_str(data, &len);
+			lua_pushlstring(L, type, len);
+			lua_setfield(L, -2, "type");
+		}
 		lua_rawseti(L, -2, i + 1);
 	}
 }
diff --git a/test/sql/iproto.result b/test/sql/iproto.result
index d077ee8..0571a3b 100644
--- a/test/sql/iproto.result
+++ b/test/sql/iproto.result
@@ -773,6 +773,17 @@ cn:execute('drop table test')
 cn:close()
 ---
 ...
+-- gh-3505: Remove box.sql.execute
+cn = remote.connect(box.cfg.listen)
+---
+...
+-- Segmentation fault when EXPLAIN executed using net.box.
+_ = cn:execute("EXPLAIN SELECT 1;")
+---
+...
+cn:close()
+---
+...
 box.schema.user.revoke('guest', 'read,write,execute', 'universe')
 ---
 ...
diff --git a/test/sql/iproto.test.lua b/test/sql/iproto.test.lua
index 1470eda..e708bb2 100644
--- a/test/sql/iproto.test.lua
+++ b/test/sql/iproto.test.lua
@@ -247,10 +247,17 @@ cn:execute('drop table test')
 
 cn:close()
 
+-- gh-3505: Remove box.sql.execute
+cn = remote.connect(box.cfg.listen)
+
+-- Segmentation fault when EXPLAIN executed using net.box.
+_ = cn:execute("EXPLAIN SELECT 1;")
+
+cn:close()
+
 box.schema.user.revoke('guest', 'read,write,execute', 'universe')
 box.schema.user.revoke('guest', 'create', 'space')
 space = nil
 
 -- Cleanup xlog
 box.snapshot()
-
-- 
2.7.4