[Tarantool-patches] [PATCH 2/2] tuple: add argument length check for update()
Chris Sosnin
k.sosnin at tarantool.org
Fri Jan 10 10:28:26 MSK 2020
Currently tuple_object:update() does not check the length
of operation string and just takes the first character
after decoding. This patch fixes this problem.
Follow-up #3884
---
src/box/xrow_update_field.c | 13 ++++++++-----
test/box/update.result | 12 ++++++++++++
test/box/update.test.lua | 3 +++
3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/box/xrow_update_field.c b/src/box/xrow_update_field.c
index deee91738..7c0f5fb5e 100644
--- a/src/box/xrow_update_field.c
+++ b/src/box/xrow_update_field.c
@@ -595,9 +595,11 @@ static const struct xrow_update_op_meta op_delete = {
};
static inline const struct xrow_update_op_meta *
-xrow_update_op_by(char opcode, int op_num)
+xrow_update_op_by(const char *opcode, uint32_t len, int op_num)
{
- switch (opcode) {
+ if (len != 1)
+ goto error;
+ switch (*opcode) {
case '=':
return &op_set;
case '+':
@@ -618,7 +620,7 @@ xrow_update_op_by(char opcode, int op_num)
}
error:
diag_set(ClientError, ER_UNKNOWN_UPDATE_OP, op_num,
- tt_sprintf("\"%c\"", opcode));
+ tt_sprintf("\"%.*s\"", len, opcode));
return NULL;
}
@@ -659,10 +661,11 @@ xrow_update_op_decode(struct xrow_update_op *op, int op_num, int index_base,
"update operation name must be a string");
return -1;
}
- op->opcode = *mp_decode_str(expr, &len);
- op->meta = xrow_update_op_by(op->opcode, op_num);
+ const char *opcode = mp_decode_str(expr, &len);
+ op->meta = xrow_update_op_by(opcode, len, op_num);
if (op->meta == NULL)
return -1;
+ op->opcode = *opcode;
if (arg_count != op->meta->arg_count) {
const char *str = tt_sprintf("wrong number of arguments, "\
"expected %u, got %u",
diff --git a/test/box/update.result b/test/box/update.result
index 7fc0b02c6..28ba47831 100644
--- a/test/box/update.result
+++ b/test/box/update.result
@@ -834,6 +834,18 @@ s:update({0}, {{'+', 0}})
- error: 'Unknown UPDATE operation #1: wrong number of arguments, expected 3, got
2'
...
+s:update({0}, {{'', 2, 1}})
+---
+- error: 'Unknown UPDATE operation #1: ""'
+...
+s:update({0}, {{'more than 1 character', 2, 1}})
+---
+- error: 'Unknown UPDATE operation #1: "more than 1 character"'
+...
+s:update({0}, {{'same as previous'}})
+---
+- error: 'Unknown UPDATE operation #1: "same as previous"'
+...
s:update({0}, {{'+', '+', '+'}})
---
- error: 'Field ''+'' UPDATE error: invalid JSON in position 1'
diff --git a/test/box/update.test.lua b/test/box/update.test.lua
index 6e8dbd642..314ebef05 100644
--- a/test/box/update.test.lua
+++ b/test/box/update.test.lua
@@ -252,6 +252,9 @@ s:update({0}, {'+', 2, 2})
s:update({0}, {{}})
s:update({0}, {{'+'}})
s:update({0}, {{'+', 0}})
+s:update({0}, {{'', 2, 1}})
+s:update({0}, {{'more than 1 character', 2, 1}})
+s:update({0}, {{'same as previous'}})
s:update({0}, {{'+', '+', '+'}})
s:update({0}, {{0, 0, 0}})
--
2.21.0 (Apple Git-122.2)
More information about the Tarantool-patches
mailing list