Date: Mon, 10 Aug 2020 16:09:14 +0000
From: Nikita Pettik
Message-ID: <20200810160914.GA3803@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH 1/2] tuple: fix multikey field JSON access crash
To: Vladislav Shpilevoy
Cc: tarantool-patches@dev.tarantool.org

On 05 Aug 01:45, Vladislav Shpilevoy wrote:
> When a tuple had format with multikey indexes in it, any attempt
> to get a multikey indexed field by a JSON path from Lua led to a
> crash.
>
> That was because of incorrect interpretation of offset slot value
> in tuple's field map.
>
> Tuple field map is an array stored before the tuple's MessagePack
> data. Each element is a 4-byte offset to an indexed value to be
> able to get it for O(1) time without MessagePack decoding of all
> the previous fields.
>
> At least it was so before multikeys. Now tuple field map is not
> just an array. It is rather a 2-level array, somehow similar to
> ext4 FS. Some elements of the root array are positive numbers
> pointing at data. Some elements point at a second 'indirect'
> array, so called 'extra', size of which is individual for each
> tuple. These second arrays are used by multikey indexes to store
> offsets to each multikey indexed value in a tuple.
>
> It means that if there is an offset slot, it can't be just used
> as is. It is allowed only if the field is not multikey. Otherwise
> it is necessary to somehow get an index in the second 'indirect'
> array.
>
> This is what was happening - a multikey field was found, its
> offset slot was valid, but it was pointing at an 'indirect' array,
> not at the data. JSON tuple field access tried to use it as a data
> offset.
>
> The patch makes JSON field access degrade to fullscan when a field
> is multikey, but no multikey array index is provided.
>
> Closes #5224

LGTM
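The two-level field map described in the quoted commit message, as an added example in C that is neither part of the patch nor Tarantool's own code: a toy model with direct slots (offset into data) and indirect slots (index into an 'extra' array holding one offset per multikey element), the pre-fix lookup that misreads an indirect slot as a data offset, and the fixed lookup that degrades to a full scan when the field is multikey but no array index is supplied. The slot kinds, the "negative index means no multikey index given" convention, and the sample tuple layout are constructed assumptions of this model, not Tarantool's real encoding.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Toy model of a tuple field map with a two-level layout. The root array
 * holds either a direct offset into the field data or a reference into an
 * 'extra' array that stores one offset per element of a multikey field.
 * Constructed for illustration only; it is not Tarantool's real encoding.
 */
#define NFIELDS 4
#define NEXTRA 3

enum slot_kind {
	SLOT_NONE,     /* field is not indexed: no offset stored */
	SLOT_DIRECT,   /* value is an offset into tuple data */
	SLOT_INDIRECT, /* value is an index into the extra array */
};

struct slot {
	enum slot_kind kind;
	int value;
};

struct tuple {
	/* Flattened field values: a multikey field contributes one entry per element. */
	const int *data;
	/* Number of data entries each field occupies, in field order (the 'format'). */
	const int *field_len;
	struct slot root[NFIELDS];
	int extra[NEXTRA];
};

/* Constructed sample: field 2 is a multikey array {31, 32, 33}. */
static const int sample_data[] = {10, 20, 31, 32, 33, 40};
static const int sample_field_len[NFIELDS] = {1, 1, 3, 1};

static struct tuple
make_sample_tuple(void)
{
	struct tuple t = {
		.data = sample_data,
		.field_len = sample_field_len,
		.root = {
			{SLOT_DIRECT, 0},   /* field 0 starts at data[0] */
			{SLOT_NONE, 0},     /* field 1 is not indexed */
			{SLOT_INDIRECT, 0}, /* field 2: per-element offsets in extra[0..2] */
			{SLOT_DIRECT, 5},   /* field 3 starts at data[5] */
		},
		.extra = {2, 3, 4}, /* one data offset per multikey element */
	};
	return t;
}

/* O(n) fallback: walk the format to find where a field starts in data. */
static int
fullscan_offset(const struct tuple *t, int fieldno)
{
	int off = 0;
	for (int i = 0; i < fieldno; i++)
		off += t->field_len[i];
	return off;
}

/*
 * Before the fix: any filled slot was treated as a data offset. For an
 * indirect slot this returns an index into 'extra', which is meaningless
 * as a data offset (in the real code this was the crash).
 */
static int
lookup_before_fix(const struct tuple *t, int fieldno)
{
	const struct slot *s = &t->root[fieldno];
	if (s->kind == SLOT_NONE)
		return fullscan_offset(t, fieldno);
	return s->value;
}

/*
 * After the fix: an indirect slot is followed only when a multikey array
 * index is supplied; otherwise the access degrades to a full scan.
 * multikey_idx < 0 means "no array index given" (assumption of this model).
 */
static int
lookup_after_fix(const struct tuple *t, int fieldno, int multikey_idx)
{
	const struct slot *s = &t->root[fieldno];
	if (s->kind == SLOT_DIRECT)
		return s->value;
	if (s->kind == SLOT_INDIRECT && multikey_idx >= 0)
		return t->extra[s->value + multikey_idx];
	return fullscan_offset(t, fieldno);
}

/* Wrappers over the constructed sample so results can be checked by name. */
static int sample_offset_before_fix(int fieldno)
{
	struct tuple t = make_sample_tuple();
	return lookup_before_fix(&t, fieldno);
}

static int sample_offset_after_fix(int fieldno, int multikey_idx)
{
	struct tuple t = make_sample_tuple();
	return lookup_after_fix(&t, fieldno, multikey_idx);
}

int
main(void)
{
	struct tuple t = make_sample_tuple();
	printf("field 2 before fix: offset %d (an extra index, not data)\n",
	       lookup_before_fix(&t, 2));
	printf("field 2 after fix, no index: data[%d] = %d\n",
	       lookup_after_fix(&t, 2, -1), t.data[lookup_after_fix(&t, 2, -1)]);
	printf("field 2[1] after fix: data[%d] = %d\n",
	       lookup_after_fix(&t, 2, 1), t.data[lookup_after_fix(&t, 2, 1)]);
	return 0;
}
```

The pre-fix path returns 0 for field 2, which in this model silently reads field 0 instead of the multikey array; the fixed path returns offset 2 (the array start) when no index is given, and follows the extra array to offset 3 for element 1.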