From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob Date: Fri, 27 Aug 2021 10:54:57 +0300 [thread overview] Message-ID: <20210827075457.GA58390@tarantool.org> (raw) In-Reply-To: <781509c4-6531-1f3b-0ff2-cc95a4bf489c@tarantool.org> Thank you for the review! My answers, diff and new patch below. On Thu, Aug 26, 2021 at 10:31:53PM +0200, Vladislav Shpilevoy wrote: > Thanks for the patch! > > > diff --git a/src/box/sql/func.c b/src/box/sql/func.c > > index b137c6125..d182bb313 100644 > > --- a/src/box/sql/func.c > > +++ b/src/box/sql/func.c > > @@ -1221,14 +1221,22 @@ hexFunc(sql_context * context, int argc, sql_value ** argv) > > UNUSED_PARAMETER(argc); > > pBlob = mem_as_bin(argv[0]); > > n = mem_len_unsafe(argv[0]); > > + assert((argv[0]->flags & MEM_Zero) == 0 || > > + argv[0]->type == MEM_TYPE_BIN); > > + int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero; > > assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ > > z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); > > if (zHex) { > > - for (i = 0; i < n; i++, pBlob++) { > > + for (i = 0; i < n - zero_len; i++, pBlob++) { > > unsigned char c = *pBlob; > > *(z++) = hexdigits[(c >> 4) & 0xf]; > > *(z++) = hexdigits[c & 0xf]; > > } > > + for (; i < n; ++i) { > > + assert((argv[0]->flags & MEM_Zero) != 0); > > 1. This assert can be out of the loop. It does not depend on z or i. > Actually, it does, since MEM_Zero flag is set only when i < n. Fixed. > 2. The loop could be replaced with memset(). > Thanks, fixed. > > + *(z++) = '0'; > > + *(z++) = '0'; > > + } Diff: diff --git a/src/box/sql/func.c b/src/box/sql/func.c index d182bb313..3ef31705e 100644 --- a/src/box/sql/func.c +++ b/src/box/sql/func.c 
@@ -1232,12 +1232,10 @@ hexFunc(sql_context * context, int argc, sql_value ** argv) *(z++) = hexdigits[(c >> 4) & 0xf]; *(z++) = hexdigits[c & 0xf]; } - for (; i < n; ++i) { - assert((argv[0]->flags & MEM_Zero) != 0); - *(z++) = '0'; - *(z++) = '0'; - } - *z = 0; + assert(i == n || (argv[0]->flags & MEM_Zero) != 0); + assert(n == zero_len + i); + memset(z, '0', 2 * zero_len); + z[2 * zero_len] = '\0'; sql_result_text(context, zHex, n * 2, sql_free); } } New patch: commit 3fddf927be4ef819b63e172f29af58ac352da640 Author: Mergen Imeev <imeevma@gmail.com> Date: Sun Aug 22 08:05:45 2021 +0300 sql: fix a segfault in hex() on receiving zeroblob This patch fixes a segmentation fault when zeroblob is received by the SQL built-in HEX() function. Closes #6113 diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md new file mode 100644 index 000000000..c59be4d96 --- /dev/null +++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md @@ -0,0 +1,5 @@ +## bugfix/sql + +* The HEX() SQL built-in function now does not throw an assert on receiving + varbinary values that consist of zero-bytes (gh-6113). + diff --git a/src/box/sql/func.c b/src/box/sql/func.c index b137c6125..3ef31705e 100644 --- a/src/box/sql/func.c +++ b/src/box/sql/func.c 
@@ -1221,15 +1221,21 @@ hexFunc(sql_context * context, int argc, sql_value ** argv) UNUSED_PARAMETER(argc); pBlob = mem_as_bin(argv[0]); n = mem_len_unsafe(argv[0]); + assert((argv[0]->flags & MEM_Zero) == 0 || + argv[0]->type == MEM_TYPE_BIN); + int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero; assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); if (zHex) { - for (i = 0; i < n; i++, pBlob++) { + for (i = 0; i < n - zero_len; i++, pBlob++) { unsigned char c = *pBlob; *(z++) = hexdigits[(c >> 4) & 0xf]; *(z++) = hexdigits[c & 0xf]; } - *z = 0; + assert(i == n || (argv[0]->flags & MEM_Zero) != 0); + assert(n == zero_len + i); + memset(z, '0', 2 * zero_len); + z[2 * zero_len] = '\0'; sql_result_text(context, zHex, n * 2, sql_free); } } diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg index 693a477b7..ddee8c328 100644 --- a/test/sql-tap/engine.cfg +++ b/test/sql-tap/engine.cfg @@ -21,6 +21,7 @@ "memtx": {"engine": "memtx"} }, "gh-4077-iproto-execute-no-bind.test.lua": {}, + "gh-6113-assert-in-hex-on-zeroblob.test.lua": {}, "*": { "memtx": {"engine": "memtx"}, "vinyl": {"engine": "vinyl"} diff --git a/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua new file mode 100755 index 000000000..91a29a5b4 --- /dev/null +++ b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua @@ -0,0 +1,13 @@ +#!/usr/bin/env tarantool +local test = require("sqltester") +test:plan(1) + +test:do_execsql_test( + "gh-6113", + [[ + SELECT hex(zeroblob(0)), hex(zeroblob(10)); + ]], { + '', '00000000000000000000' + }) + +test:finish_test()
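Review bot: in the src/box/sql/func.c hunk of the new patch, the length given to memset(z, '0', 2 * zero_len) is tied to the ((i64) n) * 2 + 1 byte allocation only by assert(n == zero_len + i), which disappears when asserts are compiled out. If u.nZero were ever larger than n, the copy loop would be skipped and the memset would write past the end of zHex. Taking the tail length from what is left of the buffer, for example memset(z, '0', 2 * (n - i)), keeps the write bounded without relying on the assert. Separately, 2 * zero_len is computed in int while the allocation size is computed in i64; widening before the multiplication would keep the two consistent.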
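Review bot: in the incremental diff that replaces the second loop, assert(i == n || (argv[0]->flags & MEM_Zero) != 0) is implied by the line after it. When MEM_Zero is clear, zero_len is 0, so assert(n == zero_len + i) already requires i == n. Either drop the first assert or add a one-line comment saying what each of the two is meant to guard.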
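Review bot: the changelog entry in changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md says HEX() "does not throw an assert", while the commit subject and body describe a segmentation fault, and "varbinary values that consist of zero-bytes" is broader than what the code change keys on, which is the MEM_Zero flag. Suggest naming the symptom the same way in both places and mentioning zeroblob() explicitly, since that is the case the test exercises.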
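Review bot: the new test in test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua only covers hex(zeroblob(0)) and hex(zeroblob(10)), so the rewritten copy loop with bound n - zero_len is never run with a non-empty data part. Adding a plain varbinary argument to the same SELECT would check that the ordinary path still produces the right digits after the change, and test:plan() would need adjusting if that goes into a separate case.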