[Tarantool-patches] [PATCH 1/2] tuple: fix multikey field JSON access crash

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Thu Aug 6 23:04:10 MSK 2020

On 06.08.2020 18:00, Oleg Babin wrote:
> Hi! Thanks for your patch. It's not a review but I have a question.
> On 05/08/2020 02:45, Vladislav Shpilevoy wrote:
>> When a tuple had a format with multikey indexes in it, any attempt
>> to get a multikey indexed field by a JSON path from Lua led to a
>> crash.
>> That was because of incorrect interpretation of offset slot value
>> in tuple's field map.
>> Tuple field map is an array stored before the tuple's MessagePack
>> data. Each element is a 4 byte offset to an indexed value to be
>> able to get it in O(1) time without MessagePack decoding of all
>> the previous fields.
>> At least it was so before multikeys. Now tuple field map is not
>> just an array. It is rather a 2-level array, somehow similar to
>> ext4 FS. Some elements of the root array are positive numbers
>> pointing at data. Some elements point at a second 'indirect'
>> array, so-called 'extra', the size of which is individual for each
>> tuple. These second arrays are used by multikey indexes to store
>> offsets to each multikey indexed value in a tuple.
> Do JSON path updates use offsets? Is such an issue relevant for them?
> I tried to update a poisoned tuple but it seems it works fine. But maybe I've missed something.

No, JSON updates always decode the whole tuple, at least all fields <=
max affected field. So offsets are not used. I was thinking about
adding them, but so far there was no request for it, nor benches
showing how exactly it would help.

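The two-level field map described in the quoted commit message, as an added example that is not part of this e-mail and is not Tarantool's code: a simplified model showing the check that keeps an indirect slot from being read as a data offset. The slot encoding (positive is direct, negative selects an 'extra' array), all type and function names, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, NOT Tarantool's real layout (assumed encoding):
 *   root slot > 0 : byte offset of the field inside the tuple data
 *   root slot < 0 : -(slot) - 1 is the index of a per-tuple 'extra' array
 *   root slot == 0: field is absent */
struct extra {
	uint32_t size;           /* number of multikey items in this tuple */
	const uint32_t *offsets; /* data offset of each multikey item */
};
struct field_map {
	const int32_t *root;
	uint32_t root_size;
	const struct extra *extras;
	uint32_t extra_count;
	uint32_t data_size;
};
#define NO_MULTIKEY (-1)

/* Resolve a slot to a data offset; 0 means "not resolvable, decode instead". */
uint32_t
field_map_offset(const struct field_map *m, uint32_t slot, int multikey_idx)
{
	if (slot >= m->root_size || m->root[slot] == 0)
		return 0;
	int32_t v = m->root[slot];
	if (v > 0) /* direct slot: a multikey index makes no sense here */
		return multikey_idx == NO_MULTIKEY && (uint32_t)v < m->data_size ?
		       (uint32_t)v : 0;
	/* Indirect slot: its value is never a data offset by itself. */
	if (multikey_idx < 0)
		return 0;
	uint32_t ext = (uint32_t)(-(int64_t)v - 1);
	if (ext >= m->extra_count ||
	    (uint32_t)multikey_idx >= m->extras[ext].size)
		return 0;
	uint32_t off = m->extras[ext].offsets[multikey_idx];
	return off < m->data_size ? off : 0;
}

/* Constructed sample: slot 0 is direct, slot 1 is multikey with 3 items. */
static const uint32_t sample_items[] = {12, 20, 28};
static const struct extra sample_extras[] = {{3, sample_items}};
static const int32_t sample_root[] = {5, -1};
const struct field_map sample_map = {sample_root, 2, sample_extras, 1, 40};
```
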