[Tarantool-patches] [PATCH 1/2] tuple: fix multikey field JSON access crash

Nikita Pettik korablev at tarantool.org
Mon Aug 10 19:09:14 MSK 2020


On 05 Aug 01:45, Vladislav Shpilevoy wrote:
> When a tuple had format with multikey indexes in it, any attempt
> to get a multikey indexed field by a JSON path from Lua led to a
> crash.
> 
> That was because of incorrect interpretation of offset slot value
> in tuple's field map.
> 
> Tuple field map is an array stored before the tuple's MessagePack
> data. Each element is a 4 byte offset to an indexed value to be
> able to get it for O(1) time without MessagePack decoding of all
> the previous fields.
> 
> At least it was so before multikeys. Now tuple field map is not
> just an array. It is rather a 2-level array, somehow similar to
> ext4 FS. Some elements of the root array are positive numbers
> pointing at data. Some elements point at a second 'indirect'
> array, so called 'extra', size of which is individual for each
> tuple. These second arrays are used by multikey indexes to store
> offsets to each multikey indexed value in a tuple.
> 
> It means, that if there is an offset slot, it can't be just used
> as is. It is allowed only if the field is not multikey. Otherwise
> it is necessary to somehow get an index in the second 'indirect'
> array.
> 
> This is what was happening - a multikey field was found, its
> offset slot was valid, but it was pointing at an 'indirect' array,
> not at the data. JSON tuple field access tried to use it as a data
> offset.
> 
> The patch makes JSON field access degrade to fullscan when a field
> is multikey, but no multikey array index is provided.
> 
> Closes #5224

LGTM
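The two-level field map and the "degrade to fullscan" rule described in the quoted commit message, modelled as an added example in C. This is constructed illustration code, not Tarantool's tuple implementation: the byte format, the `toy_*` names, the negative-slot encoding of references into the 'extra' array and the sample tuple are all assumptions made for this example. It shows the pre-fix lookup that uses the offset slot as a data offset even when the slot refers to an indirect array, and the fixed lookup that resolves a multikey field through the indirect array when an array index is given and falls back to a sequential scan when it is not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of a tuple field map; this is NOT Tarantool's
 * real tuple or MessagePack layout. Field data is a flat byte buffer:
 *   scalar: TAG_SCALAR, len, then len payload bytes
 *   array : TAG_ARRAY, count, then count scalar entries
 * The root field map has one slot per indexed field. A slot value >= 0
 * is a direct offset into data. A negative value -(k+1) is a reference
 * to 'indirect' array k, which holds one data offset per element of a
 * multikey-indexed array field (the 'extra' part of the commit message). */
enum { TAG_SCALAR = 1, TAG_ARRAY = 2 };
#define INDIRECT_REF(k)      (-((int32_t)(k)) - 1)
#define IS_INDIRECT(slot)    ((slot) < 0)
#define INDIRECT_INDEX(slot) ((uint32_t)(-(slot) - 1))

struct toy_tuple {
	int32_t field_map[4];     /* root array: data offset or indirect reference */
	uint32_t extra[8];        /* indirect arrays, laid out back to back */
	uint32_t extra_start[4];  /* where indirect array k begins in extra[] */
	uint32_t extra_len[4];    /* number of offsets in indirect array k */
	const uint8_t *data;
	size_t data_len;
};

/* Constructed sample tuple: field 0 is a scalar, field 1 is a multikey
 * array with two elements, field 2 is a plain indexed scalar. */
static const uint8_t sample_data[] = {
	TAG_SCALAR, 2, 'a', 'b',                               /* field 0 at offset 0 */
	TAG_ARRAY, 2, TAG_SCALAR, 1, 'x', TAG_SCALAR, 1, 'y',  /* field 1 at 4; elements at 6 and 9 */
	TAG_SCALAR, 1, 'z',                                    /* field 2 at offset 12 */
};

const struct toy_tuple *toy_sample(void)
{
	static struct toy_tuple t;
	t.data = sample_data;
	t.data_len = sizeof(sample_data);
	t.field_map[0] = 12;               /* field 2: direct offset */
	t.field_map[1] = INDIRECT_REF(0);  /* field 1: multikey, refers to indirect array 0 */
	t.extra[0] = 6;                    /* offset of element 0 of field 1 */
	t.extra[1] = 9;                    /* offset of element 1 of field 1 */
	t.extra_start[0] = 0;
	t.extra_len[0] = 2;
	return &t;
}

/* Skip one entry starting at off and return the offset of the next one. */
static size_t toy_skip(const uint8_t *data, size_t off)
{
	if (data[off] == TAG_SCALAR)
		return off + 2 + data[off + 1];
	size_t count = data[off + 1];
	off += 2;
	for (size_t i = 0; i < count; i++)
		off = toy_skip(data, off);
	return off;
}

/* Full scan: decode from the start up to field_no, then optionally descend
 * into element multikey_idx of an array field. Returns a data offset, or
 * -1 when the path does not exist in this tuple. */
long toy_field_fullscan(const struct toy_tuple *t, uint32_t field_no, int multikey_idx)
{
	size_t off = 0;
	for (uint32_t i = 0; i < field_no; i++) {
		if (off >= t->data_len)
			return -1;
		off = toy_skip(t->data, off);
	}
	if (off >= t->data_len)
		return -1;
	if (multikey_idx < 0)
		return (long)off;
	if (t->data[off] != TAG_ARRAY || (uint32_t)multikey_idx >= t->data[off + 1])
		return -1;
	off += 2;
	for (int i = 0; i < multikey_idx; i++)
		off = toy_skip(t->data, off);
	return (long)off;
}

/* Pre-fix behaviour as the commit message describes it: the slot value is
 * taken as a data offset as-is. For a multikey field that value is an
 * indirect reference, so the caller reads from a bogus offset. */
long toy_field_by_slot_unchecked(const struct toy_tuple *t, uint32_t slot)
{
	return t->field_map[slot];
}

/* Fixed lookup. A direct slot is used as-is. An indirect slot is resolved
 * through the extra[] array when an array index is given; without one the
 * lookup degrades to a full scan instead of misusing the reference. */
long toy_field_by_slot(const struct toy_tuple *t, uint32_t slot, uint32_t field_no, int multikey_idx)
{
	int32_t v = t->field_map[slot];
	if (!IS_INDIRECT(v))
		return multikey_idx < 0 ? v : toy_field_fullscan(t, field_no, multikey_idx);
	if (multikey_idx < 0)
		return toy_field_fullscan(t, field_no, multikey_idx);
	uint32_t k = INDIRECT_INDEX(v);
	if ((uint32_t)multikey_idx >= t->extra_len[k])
		return -1;
	return t->extra[t->extra_start[k] + multikey_idx];
}

int main(void)
{
	const struct toy_tuple *t = toy_sample();
	printf("unchecked slot 1 (multikey, no index): %ld\n", toy_field_by_slot_unchecked(t, 1));
	printf("fixed slot 1, no index (fullscan):     %ld\n", toy_field_by_slot(t, 1, 1, -1));
	printf("fixed slot 1, element 1 (indirect):    %ld\n", toy_field_by_slot(t, 1, 1, 1));
	return 0;
}
```

The negative value returned by the unchecked lookup is the point of the bug: in the real tuple the slot would be dereferenced as an offset into the MessagePack data, which is the crash the patch fixes. The fixed lookup never uses an indirect reference as an offset; it either resolves it through the per-tuple extra array or walks the data sequentially.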
