From: Nikita Pettik
Subject: [tarantool-patches] [PATCH v2] sql: display decoded msgpack for EXPLAIN queries
Date: Fri, 15 Feb 2019 20:37:27 +0300
Message-Id: <20190215173727.88956-1-korablev@tarantool.org>
To: tarantool-patches@freelists.org
Cc: v.shpilevoy@tarantool.org, Nikita Pettik

During DDL routines we pass encoded space/index/trigger formats into msgpack to VDBE. EXPLAIN query displays arguments of each opcode of VDBE program in a readable format. So, let's decode arguments of OP_Blob opcode with subtype = _MSGPACK before displaying them. Also, let's enlarge static buffers for P4 operand value and opcode comment to fit decoded msgpack. What is more, it fixes buffer overflow since before this patch operands of OP_Blob were treated as strings and passed to functions like strlen() (only during EXPLAIN query). On the other hand, generally speaking, msgpack can come without null termination, or contain '\0' symbols in the middle of encoded array.

Closes #3868
---
Branch: https://github.com/tarantool/tarantool/tree/np/gh-3868-buffer-overflow-v2
Issue: https://github.com/tarantool/tarantool/issues/3868
Discussion of previous version: https://www.freelists.org/post/tarantool-patches/PATCH-sql-terminate-with-0-encoded-msgpack

 src/box/sql/vdbeaux.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c
index b831b52ad..30fb5398a 100644
--- a/src/box/sql/vdbeaux.c
+++ b/src/box/sql/vdbeaux.c
@@ -1284,6 +1284,15 @@ displayComment(const Op * pOp, /* The opcode to be commented */ static char * displayP4(Op * pOp, char *zTemp, int nTemp) { + /* + * Msgpack is subtype, not type of P4, so lets consider + * it as special case. We should decode msgpack to display + * it in a readable form. + */ + if (pOp->opcode == OP_Blob && pOp->p3 == SQL_SUBTYPE_MSGPACK) { + mp_snprint(zTemp, nTemp, pOp->p4.z); + return zTemp; + } char *zP4 = zTemp; StrAccum x; assert(nTemp >= 20); @@ -1416,8 +1425,8 @@ void sqlVdbePrintOp(FILE * pOut, int pc, Op * pOp) { char *zP4; - char zPtr[50]; - char zCom[100]; + char zPtr[256]; + char zCom[256]; static const char *zFormat1 = "%4d> %4d %-13s %4d %4d %4d %-13s %.2X %s\n"; if (pOut == 0) @@ -1674,12 +1683,13 @@ sqlVdbeList(Vdbe * p) pMem->u.i = pOp->p3; /* P3 */ pMem++; - if (sqlVdbeMemClearAndResize(pMem, 100)) { /* P4 */ + if (sqlVdbeMemClearAndResize(pMem, 256)) { assert(p->db->mallocFailed); return SQL_ERROR; } pMem->flags = MEM_Str | MEM_Term; zP4 = displayP4(pOp, pMem->z, pMem->szMalloc); if (zP4 != pMem->z) { pMem->n = 0; sqlVdbeMemSetStr(pMem, zP4, -1, 1, 0); -- 2.15.1
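Review bot: the return value of mp_snprint() is discarded in the new early-return branch of displayP4() (first hunk), so a decoded msgpack value longer than nTemp is silently cut off at the buffer boundary and the EXPLAIN output gives no hint that the displayed format is incomplete. If mp_snprint() follows snprintf() semantics and reports the length it would have written, compare that against nTemp and mark the truncation (for example by overwriting the tail of zTemp with "..."), or at least state in the comment that EXPLAIN shows at most nTemp - 1 characters of the decoded value. The comment itself should also read "let's consider" rather than "lets consider".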
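Review bot: the new sizes `char zPtr[256];` and `char zCom[256];` in sqlVdbePrintOp() (second hunk) and the 256 passed to sqlVdbeMemClearAndResize() in sqlVdbeList() (third hunk) are the same bare magic number written in two unrelated places, with nothing tying them to the nTemp that displayP4() receives. Define one named constant next to displayP4() and use it at all three sites so a future resize cannot leave the two EXPLAIN paths with differently sized buffers. Note also that 256 is still a fixed cap, so the commit message's "to fit decoded msgpack" only holds for small formats; a space format with many fields will still be truncated.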
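Review bot: the `/* P4 */` marker comment is dropped from the sqlVdbeMemClearAndResize() line in sqlVdbeList() (third hunk) while the preceding `/* P3 */` marker on the pOp->p3 assignment is kept, so the operand slots are no longer labelled consistently. Restore it as `if (sqlVdbeMemClearAndResize(pMem, 256)) { /* P4 */`.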