From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob
Date: Fri, 27 Aug 2021 10:54:57 +0300	[thread overview]
Message-ID: <20210827075457.GA58390@tarantool.org> (raw)
In-Reply-To: <781509c4-6531-1f3b-0ff2-cc95a4bf489c@tarantool.org>

Thank you for the review! My answers, diff and new patch below.

On Thu, Aug 26, 2021 at 10:31:53PM +0200, Vladislav Shpilevoy wrote:
> Thanks for the patch!
> 
> > diff --git a/src/box/sql/func.c b/src/box/sql/func.c
> > index b137c6125..d182bb313 100644
> > --- a/src/box/sql/func.c
> > +++ b/src/box/sql/func.c
> > @@ -1221,14 +1221,22 @@ hexFunc(sql_context * context, int argc, sql_value ** argv)
> >  	UNUSED_PARAMETER(argc);
> >  	pBlob = mem_as_bin(argv[0]);
> >  	n = mem_len_unsafe(argv[0]);
> > +	assert((argv[0]->flags & MEM_Zero) == 0 ||
> > +	       argv[0]->type == MEM_TYPE_BIN);
> > +	int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero;
> >  	assert(pBlob == mem_as_bin(argv[0]));	/* No encoding change */
> >  	z = zHex = contextMalloc(context, ((i64) n) * 2 + 1);
> >  	if (zHex) {
> > -		for (i = 0; i < n; i++, pBlob++) {
> > +		for (i = 0; i < n - zero_len; i++, pBlob++) {
> >  			unsigned char c = *pBlob;
> >  			*(z++) = hexdigits[(c >> 4) & 0xf];
> >  			*(z++) = hexdigits[c & 0xf];
> >  		}
> > +		for (; i < n; ++i) {
> > +			assert((argv[0]->flags & MEM_Zero) != 0);
> 
> 1. This assert can be out of the loop. It does not depend on z or i.
> 
Actually, it does, since MEM_Zero flag is set only when i < n. Fixed.

> 2. The loop could be replaced with memset().
> 
Thanks, fixed.

> > +			*(z++) = '0';
> > +			*(z++) = '0';
> > +		}

Diff:


diff --git a/src/box/sql/func.c b/src/box/sql/func.c
index d182bb313..3ef31705e 100644
--- a/src/box/sql/func.c
+++ b/src/box/sql/func.c
@@ -1232,12 +1232,10 @@ hexFunc(sql_context * context, int argc, sql_value ** argv)
 			*(z++) = hexdigits[(c >> 4) & 0xf];
 			*(z++) = hexdigits[c & 0xf];
 		}
-		for (; i < n; ++i) {
-			assert((argv[0]->flags & MEM_Zero) != 0);
-			*(z++) = '0';
-			*(z++) = '0';
-		}
-		*z = 0;
+		assert(i == n || (argv[0]->flags & MEM_Zero) != 0);
+		assert(n == zero_len + i);
+		memset(z, '0', 2 * zero_len);
+		z[2 * zero_len] = '\0';
 		sql_result_text(context, zHex, n * 2, sql_free);
 	}
 }
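Review bot: The length of `memset(z, '0', 2 * zero_len)` is tied to the allocation only by the two asserts above it, and those compile out under NDEBUG. The buffer is sized from `n` (`((i64) n) * 2 + 1` in the full func.c hunk of the new patch below, which carries the same lines), while the fill length comes from `u.nZero`, so a mismatch in a release build would write past the allocation. Deriving the length from what remains of the buffer keeps the write in bounds as long as `nZero` is not negative: `size_t tail = 2 * (size_t)(n - i); memset(z, '0', tail); z[tail] = '\0';`. hexFunc's body begins outside this hunk.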


New patch:


commit 3fddf927be4ef819b63e172f29af58ac352da640
Author: Mergen Imeev <imeevma@gmail.com>
Date:   Sun Aug 22 08:05:45 2021 +0300

    sql: fix a segfault in hex() on receiving zeroblob
    
    This patch fixes a segmentation fault when zeroblob is received by the
    SQL built-in HEX() function.
    
    Closes #6113

diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
new file mode 100644
index 000000000..c59be4d96
--- /dev/null
+++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
@@ -0,0 +1,5 @@
+## bugfix/sql
+
+* The HEX() SQL built-in function now does not throw an assert on receiving
+  varbinary values that consist of zero-bytes (gh-6113).
+
diff --git a/src/box/sql/func.c b/src/box/sql/func.c
index b137c6125..3ef31705e 100644
--- a/src/box/sql/func.c
+++ b/src/box/sql/func.c
@@ -1221,15 +1221,21 @@ hexFunc(sql_context * context, int argc, sql_value ** argv)
 	UNUSED_PARAMETER(argc);
 	pBlob = mem_as_bin(argv[0]);
 	n = mem_len_unsafe(argv[0]);
+	assert((argv[0]->flags & MEM_Zero) == 0 ||
+	       argv[0]->type == MEM_TYPE_BIN);
+	int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero;
 	assert(pBlob == mem_as_bin(argv[0]));	/* No encoding change */
 	z = zHex = contextMalloc(context, ((i64) n) * 2 + 1);
 	if (zHex) {
-		for (i = 0; i < n; i++, pBlob++) {
+		for (i = 0; i < n - zero_len; i++, pBlob++) {
 			unsigned char c = *pBlob;
 			*(z++) = hexdigits[(c >> 4) & 0xf];
 			*(z++) = hexdigits[c & 0xf];
 		}
-		*z = 0;
+		assert(i == n || (argv[0]->flags & MEM_Zero) != 0);
+		assert(n == zero_len + i);
+		memset(z, '0', 2 * zero_len);
+		z[2 * zero_len] = '\0';
 		sql_result_text(context, zHex, n * 2, sql_free);
 	}
 }
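Review bot: `2 * zero_len` is evaluated in `int` (`zero_len` is declared `int` here), although the allocation a few lines up deliberately widens to `i64` before doubling. Whether a blob longer than INT_MAX / 2 can reach hexFunc depends on the SQL length limit, which the hunk does not show; if it can, the multiplication overflows and both the memset length and the terminator index are wrong. Widening first, `memset(z, '0', 2 * (size_t)zero_len);` and `z[2 * (size_t)zero_len] = '\0';`, keeps them consistent with the allocation size. The `n * 2` passed to `sql_result_text()` looks like it has the same width problem, but `n` is declared outside the hunk.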
diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg
index 693a477b7..ddee8c328 100644
--- a/test/sql-tap/engine.cfg
+++ b/test/sql-tap/engine.cfg
@@ -21,6 +21,7 @@
         "memtx": {"engine": "memtx"}
     },
     "gh-4077-iproto-execute-no-bind.test.lua": {},
+    "gh-6113-assert-in-hex-on-zeroblob.test.lua": {},
     "*": {
         "memtx": {"engine": "memtx"},
         "vinyl": {"engine": "vinyl"}
diff --git a/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
new file mode 100755
index 000000000..91a29a5b4
--- /dev/null
+++ b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
@@ -0,0 +1,13 @@
+#!/usr/bin/env tarantool
+local test = require("sqltester")
+test:plan(1)
+
+test:do_execsql_test(
+    "gh-6113",
+    [[
+        SELECT hex(zeroblob(0)), hex(zeroblob(10));
+    ]], {
+        '', '00000000000000000000'
+    })
+
+test:finish_test()
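Review bot: Both asserted values take the all-zero path, so the test never runs the hex-digit loop whose bound this patch changed to `n - zero_len`. Adding an ordinary varbinary argument to the same statement, for example `hex(x'0a1b')` with its expected string, would pin the `zero_len == 0` case next to the regression it guards.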
