[Tarantool-patches] [PATCH 2/6] sql: fix possible null dereference in sql_expr_coll()

Nikita Pettik korablev at tarantool.org
Thu Dec 5 14:40:07 MSK 2019


On 28 Nov 23:42, Vladislav Shpilevoy wrote:
> Thanks for the patch!
> 
> Is it possible to test this?

As a pure test case - I've failed to come up with it.
But the next patch (which adds collation to metadata) definitely fails
without this fix (when TRIM() or REPLACE() are called without args).
I can dive into details, but I guess it's not so important here (since
this is an obviously buggy place). If you want further investigation, let me
know and I will do it.
 
> On 27/11/2019 13:15, Nikita Pettik wrote:
> > ---
> >  src/box/sql/expr.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c
> > index 648b7170e..0bdcfe576 100644
> > --- a/src/box/sql/expr.c
> > +++ b/src/box/sql/expr.c
> > @@ -332,7 +332,8 @@ sql_expr_coll(Parse *parse, Expr *p, bool *is_explicit_coll, uint32_t *coll_id,
> >  				sql_func_by_signature(p->u.zToken, arg_count);
> >  			if (func == NULL)
> >  				break;
> > -			if (sql_func_flag_is_set(func, SQL_FUNC_DERIVEDCOLL)) {
> > +			if (sql_func_flag_is_set(func, SQL_FUNC_DERIVEDCOLL) &&
> > +			    arg_count > 0) {
> >  				/*
> >  				 * Now we use quite straightforward
> >  				 * approach assuming that resulting
> > 
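
Review bot: the arg_count > 0 test added to the SQL_FUNC_DERIVEDCOLL condition carries no explanation, and the comment that follows it only describes the derivation approach. A short comment there saying that a function with this flag can be called with no arguments (the thread names TRIM() and REPLACE()), so there is no argument to take a collation from, would keep the guard from being removed in a later cleanup. The commit message is also empty below the subject line; since the diffstat shows only expr.c changed and no test, it should state which pointer is dereferenced and on what input.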

