[Tarantool-patches] [PATCH 2/2] tuple: add argument length check for update()

Chris Sosnin k.sosnin at tarantool.org
Fri Jan 10 10:28:26 MSK 2020


Currently tuple_object:update() does not check the length
of the operation string and just takes the first character
after decoding. This patch adds the missing length check.

Follow-up #3884
---
 src/box/xrow_update_field.c | 13 ++++++++-----
 test/box/update.result      | 12 ++++++++++++
 test/box/update.test.lua    |  3 +++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/box/xrow_update_field.c b/src/box/xrow_update_field.c
index deee91738..7c0f5fb5e 100644
--- a/src/box/xrow_update_field.c
+++ b/src/box/xrow_update_field.c
@@ -595,9 +595,11 @@ static const struct xrow_update_op_meta op_delete = {
 };
 
 static inline const struct xrow_update_op_meta *
-xrow_update_op_by(char opcode, int op_num)
+xrow_update_op_by(const char *opcode, uint32_t len, int op_num)
 {
-	switch (opcode) {
+	if (len != 1)
+		goto error;
+	switch (*opcode) {
 	case '=':
 		return &op_set;
 	case '+':
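Review bot: The new signature of `xrow_update_op_by()` has no comment stating that `opcode` is a pointer into the still-encoded request and is not NUL-terminated, which is the reason `len` has to be checked before `*opcode` is read. I would add a short header comment above the function, for example `/** Find operation meta by name; @a opcode is @a len raw bytes from the request, not NUL-terminated. */`. The rest of the switch lies outside this hunk, so the note covers only the lines visible here.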
@@ -618,7 +620,7 @@ xrow_update_op_by(char opcode, int op_num)
 	}
 error:
 	diag_set(ClientError, ER_UNKNOWN_UPDATE_OP, op_num,
-		 tt_sprintf("\"%c\"", opcode));
+		 tt_sprintf("\"%.*s\"", len, opcode));
 	return NULL;
 }
 
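Review bot: In `tt_sprintf("\"%.*s\"", len, opcode)` the `*` precision consumes an `int`, but `len` is a `uint32_t`, so the argument type does not match the format. The minimal fix is `tt_sprintf("\"%.*s\"", (int)len, opcode));`. Because the string is client-supplied and not NUL-terminated, a length that converts to a negative precision would be treated as "no precision" and the read would no longer be bounded by `len`; whether the decoder can hand out such a length is not visible here, so clamping the precision to a small constant before the call is the safer form. The bytes are also echoed unescaped into the diagnostic, so a cap on the echoed length keeps a client from filling the error text with arbitrary data. The start of the function is outside this hunk.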
@@ -659,10 +661,11 @@ xrow_update_op_decode(struct xrow_update_op *op, int op_num, int index_base,
 			 "update operation name must be a string");
 		return -1;
 	}
-	op->opcode = *mp_decode_str(expr, &len);
-	op->meta = xrow_update_op_by(op->opcode, op_num);
+	const char *opcode = mp_decode_str(expr, &len);
+	op->meta = xrow_update_op_by(opcode, len, op_num);
 	if (op->meta == NULL)
 		return -1;
+	op->opcode = *opcode;
 	if (arg_count != op->meta->arg_count) {
 		const char *str = tt_sprintf("wrong number of arguments, "\
 					     "expected %u, got %u",
diff --git a/test/box/update.result b/test/box/update.result
index 7fc0b02c6..28ba47831 100644
--- a/test/box/update.result
+++ b/test/box/update.result
@@ -834,6 +834,18 @@ s:update({0}, {{'+', 0}})
 - error: 'Unknown UPDATE operation #1: wrong number of arguments, expected 3, got
     2'
 ...
+s:update({0}, {{'', 2, 1}})
+---
+- error: 'Unknown UPDATE operation #1: ""'
+...
+s:update({0}, {{'more than 1 character', 2, 1}})
+---
+- error: 'Unknown UPDATE operation #1: "more than 1 character"'
+...
+s:update({0}, {{'same as previous'}})
+---
+- error: 'Unknown UPDATE operation #1: "same as previous"'
+...
 s:update({0}, {{'+', '+', '+'}})
 ---
 - error: 'Field ''+'' UPDATE error: invalid JSON in position 1'
diff --git a/test/box/update.test.lua b/test/box/update.test.lua
index 6e8dbd642..314ebef05 100644
--- a/test/box/update.test.lua
+++ b/test/box/update.test.lua
@@ -252,6 +252,9 @@ s:update({0}, {'+', 2, 2})
 s:update({0}, {{}})
 s:update({0}, {{'+'}})
 s:update({0}, {{'+', 0}})
+s:update({0}, {{'', 2, 1}})
+s:update({0}, {{'more than 1 character', 2, 1}})
+s:update({0}, {{'same as previous'}})
 s:update({0}, {{'+', '+', '+'}})
 s:update({0}, {{0, 0, 0}})
 
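Review bot: None of the three added cases begins with a valid operation character, so judging by the old `switch (opcode)` in xrow_update_field.c they would most likely have been rejected as unknown operations before this patch as well, with only the message text differing. The behaviour this patch actually changes, a longer string whose first byte is a valid opcode being accepted as that opcode, is not pinned by any case. I would add one such as `s:update({0}, {{'+1', 2, 1}})` or `s:update({0}, {{'==', 2, 1}})`, with the matching `Unknown UPDATE operation #1` entry in update.result.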
-- 
2.21.0 (Apple Git-122.2)


