[Tarantool-patches] [PATCH 1/2] tuple: fix multikey field JSON access crash

Aleksandr Lyapunov alyapunov at tarantool.org
Tue Aug 11 12:44:01 MSK 2020


Hi! Thanks again for the patch. See one comment below.

On 8/5/20 2:45 AM, Vladislav Shpilevoy wrote:
>   			goto parse;
>   		if (offset_slot_hint != NULL)
>   			*offset_slot_hint = offset_slot;
> +		/*
> +		 * When the field is multikey, the offset slot points not at the
> +		 * data. It points at 'extra' array of offsets for this multikey
> +		 * index. That array can only be accessed if index in that array
> +		 * is known.
> +		 */
> +		if (field->is_multikey_part && multikey_idx == MULTIKEY_NONE)
> +			goto parse;
>   offset_slot_access:
>   		/* Indexed field */
>   		offset = field_map_get_offset(field_map, offset_slot,
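Review bot: `*offset_slot_hint = offset_slot;` is written before the new `field->is_multikey_part && multikey_idx == MULTIKEY_NONE` check, so on the `goto parse` path the caller still receives a hint that a later call with the same path will use to jump straight to `offset_slot_access`, bypassing the multikey check entirely. Move the hint assignment below the new `if`, so the hint is only stored on the path that actually reaches `offset_slot_access`.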
I'm sure that your check must be moved two lines up. I mean the check must be done before setting *offset_slot_hint.

As I understood, offset_slot_hint will contain a hint for further tuple_field_raw_by_path calls with the same path. That is a kind of agreement: we may call tuple_field_raw_by_path twice and must get the same results.

But in your code you set *offset_slot_hint before a check that could go to the 'parse' label. Meanwhile, in the second call of tuple_field_raw_by_path it'll check *offset_slot_hint and will go to the 'offset_slot_access' label. That's wrong.
