From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <korablev@tarantool.org>
Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id C977246971A
 for <tarantool-patches@dev.tarantool.org>;
 Thu,  5 Dec 2019 14:40:07 +0300 (MSK)
Date: Thu, 5 Dec 2019 14:40:07 +0300
From: Nikita Pettik <korablev@tarantool.org>
Message-ID: <20191205114007.GA47637@tarantool.org>
References: <cover.1574846892.git.korablev@tarantool.org>
 <1ca68695d7cd7d3d83f4b6829363ef533a23be38.1574846892.git.korablev@tarantool.org>
 <e2f296f9-a140-b9a8-c578-0fa3b006ec89@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <e2f296f9-a140-b9a8-c578-0fa3b006ec89@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH 2/6] sql: fix possible null
 dereference in sql_expr_coll()
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org

On 28 Nov 23:42, Vladislav Shpilevoy wrote:
> Thanks for the patch!
> 
> Is it possible to test this?

As a pure test case - I've failed to come up with it.
But the next patch (which adds collation to metadata) definitely fails
without this fix (when TRIM() or REPLACE() are called without args).
I can dive into details, but I guess it's not so important here (since
this is obviously buggy place). If you want further investigation, let me
know and I will do it.
 
> On 27/11/2019 13:15, Nikita Pettik wrote:
> > ---
> >  src/box/sql/expr.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c
> > index 648b7170e..0bdcfe576 100644
> > --- a/src/box/sql/expr.c
> > +++ b/src/box/sql/expr.c
> > @@ -332,7 +332,8 @@ sql_expr_coll(Parse *parse, Expr *p, bool *is_explicit_coll, uint32_t *coll_id,
> >  				sql_func_by_signature(p->u.zToken, arg_count);
> >  			if (func == NULL)
> >  				break;
> > -			if (sql_func_flag_is_set(func, SQL_FUNC_DERIVEDCOLL)) {
> > +			if (sql_func_flag_is_set(func, SQL_FUNC_DERIVEDCOLL) &&
> > +			    arg_count > 0) {
> >  				/*
> >  				 * Now we use quite straightforward
> >  				 * approach assuming that resulting
> >