From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <korablev@tarantool.org>
Received: from smtp32.i.mail.ru (smtp32.i.mail.ru [94.100.177.92])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 3BF87430407
 for <tarantool-patches@dev.tarantool.org>;
 Mon, 10 Aug 2020 19:09:16 +0300 (MSK)
Date: Mon, 10 Aug 2020 16:09:14 +0000
From: Nikita Pettik <korablev@tarantool.org>
Message-ID: <20200810160914.GA3803@tarantool.org>
References: <cover.1596584571.git.v.shpilevoy@tarantool.org>
 <f1b60f4011e19aa04c0ff7d49c82e46955a968fc.1596584571.git.v.shpilevoy@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <f1b60f4011e19aa04c0ff7d49c82e46955a968fc.1596584571.git.v.shpilevoy@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH 1/2] tuple: fix multikey field JSON
	access crash
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org

On 05 Aug 01:45, Vladislav Shpilevoy wrote:
> When a tuple had format with multikey indexes in it, any attempt
> to get a multikey indexed field by a JSON path from Lua led to a
> crash.
> 
> That was because of incorrect interpretation of offset slot value
> in tuple's field map.
> 
> Tuple field map is an array stored before the tuple's MessagePack
> data. Each element is a 4 byte offset to an indexed value to be
> able to get it for O(1) time without MessagePack decoding of all
> the previous fields.
> 
> At least it was so before multikeys. Now tuple field map is not
> just an array. It is rather a 2-level array, somehow similar to
> ext4 FS. Some elements of the root array are positive numbers
> pointing at data. Some elements point at a second 'indirect'
> array, so called 'extra', size of which is individual for each
> tuple. These second arrays are used by multikey indexes to store
> offsets to each multikey indexed value in a tuple.
> 
> It means, that if there is an offset slot, it can't be just used
> as is. It is allowed only if the field is not multikey. Otherwise
> it is neccessary to somehow get an index in the second 'indirect'
> array.
> 
> This is what was happening - a multikey field was found, its
> offset slot was valid, but it was pointing at an 'indirect' array,
> not at the data. JSON tuple field access tried to use it as a data
> offset.
> 
> The patch makes JSON field access degrade to fullscan when a field
> is multikey, but no multikey array index is provided.
> 
> Closes #5224

LGTM