From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id EB3566EC55; Fri, 27 Aug 2021 10:55:03 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org EB3566EC55 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1630050904; bh=mQgWFrf/o8s07Y/KiahKn9V/MlNkv4EIrcrKsh2L2AY=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=rM1UUczzZvbQS+DxGcADtxxfeCEOqQSY9qCdVOVEiJqGKWVx1q5NNmbddxM0vljZf /MzhP7ksMgIADWV5Ov5aChQL4C3nSojNdDhYm961pLD6xvg+Fsx9Oye30xuNxzW1bu skDjk8ySYrBwVRt7UxLRkN1iePWv5aua4EuyUX/Y= Received: from smtpng1.i.mail.ru (smtpng1.i.mail.ru [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id CC9F66EC55 for ; Fri, 27 Aug 2021 10:54:59 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org CC9F66EC55 Received: by smtpng1.m.smailru.net with esmtpa (envelope-from ) id 1mJWhX-0006Cj-2w; Fri, 27 Aug 2021 10:54:59 +0300 Date: Fri, 27 Aug 2021 10:54:57 +0300 To: Vladislav Shpilevoy Cc: tarantool-patches@dev.tarantool.org Message-ID: <20210827075457.GA58390@tarantool.org> References: <866533cf6634609e69fdf734fd2a124361117a5f.1629976189.git.imeevma@gmail.com> <781509c4-6531-1f3b-0ff2-cc95a4bf489c@tarantool.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <781509c4-6531-1f3b-0ff2-cc95a4bf489c@tarantool.org> X-4EC0790: 10 X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD9BCE6B93DE0C6C3914462CDB1732D383C182A05F5380850409067BDCC11AD87FB1DE345BB0D4B66F7B9B26D35FDCE863DE3977DB9A6F1B59E X-7FA49CB5: 
FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE752E71F0C64B7C834EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637C1CDCB5E4A85220F8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8764D8D2DA6750D83F59D814CCFF262FB117882F4460429724CE54428C33FAD305F5C1EE8F4F765FCAA867293B0326636D2E47CDBA5A96583BD4B6F7A4D31EC0BC014FD901B82EE079FA2833FD35BB23D27C277FBC8AE2E8BAA867293B0326636D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6B1CFA6D474D4A6A4089D37D7C0E48F6C5571747095F342E88FB05168BE4CE3AF X-C1DE0DAB: 0D63561A33F958A563D6E3082C45E8AC84D71683ABD18047B23113ECA96ACED5D59269BC5F550898D99A6476B3ADF6B47008B74DF8BB9EF7333BD3B22AA88B938A852937E12ACA756665624D6DDF07B5410CA545F18667F91A7EA1CDA0B5A7A0 X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34EE19B6E2433CA09356B0A1C9C56A26F7EAE14E1B7A7EE8BAC74A8CBDEBB3C164800F4F68EE8118DE1D7E09C32AA3244CC81382C68D8E553510C12FA8EA5BAE49E8FBBEFAE1C4874C729B2BEF169E0186 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj+bzRAXO2P1TjBZlaANxmwA== X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5DDB9544F402E8096923AF1A578F8EA9BD83D72C36FC87018B9F80AB2734326CD2FB559BB5D741EB96352A0ABBE4FDA4210A04DAD6CC59E33667EA787935ED9F1B X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , 
From: Mergen Imeev via Tarantool-patches Reply-To: Mergen Imeev Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" Thank you for the review! My answers, diff and new patch below. On Thu, Aug 26, 2021 at 10:31:53PM +0200, Vladislav Shpilevoy wrote: > Thanks for the patch! > > > diff --git a/src/box/sql/func.c b/src/box/sql/func.c > > index b137c6125..d182bb313 100644 > > --- a/src/box/sql/func.c > > +++ b/src/box/sql/func.c > > @@ -1221,14 +1221,22 @@ hexFunc(sql_context * context, int argc, sql_value ** argv) > > UNUSED_PARAMETER(argc); > > pBlob = mem_as_bin(argv[0]); > > n = mem_len_unsafe(argv[0]); > > + assert((argv[0]->flags & MEM_Zero) == 0 || > > + argv[0]->type == MEM_TYPE_BIN); > > + int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero; > > assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ > > z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); > > if (zHex) { > > - for (i = 0; i < n; i++, pBlob++) { > > + for (i = 0; i < n - zero_len; i++, pBlob++) { > > unsigned char c = *pBlob; > > *(z++) = hexdigits[(c >> 4) & 0xf]; > > *(z++) = hexdigits[c & 0xf]; > > } > > + for (; i < n; ++i) { > > + assert((argv[0]->flags & MEM_Zero) != 0); > > 1. This assert can be out of the loop. It does not depend on z or i. > Actually, it does, since MEM_Zero flag is set only when i < n. Fixed. > 2. The loop could be replaced with memset(). > Thanks, fixed. > > + *(z++) = '0'; > > + *(z++) = '0'; > > + } Diff: diff --git a/src/box/sql/func.c b/src/box/sql/func.c index d182bb313..3ef31705e 100644 --- a/src/box/sql/func.c +++ b/src/box/sql/func.c 
@@ -1232,12 +1232,10 @@ hexFunc(sql_context * context, int argc, sql_value ** argv)
 *(z++) = hexdigits[(c >> 4) & 0xf];
 *(z++) = hexdigits[c & 0xf];
 }
- for (; i < n; ++i) {
- assert((argv[0]->flags & MEM_Zero) != 0);
- *(z++) = '0';
- *(z++) = '0';
- }
- *z = 0;
+ assert(i == n || (argv[0]->flags & MEM_Zero) != 0);
+ assert(n == zero_len + i);
+ memset(z, '0', 2 * zero_len);
+ z[2 * zero_len] = '\0';
 sql_result_text(context, zHex, n * 2, sql_free);
 }
 }
New patch:
commit 3fddf927be4ef819b63e172f29af58ac352da640
Author: Mergen Imeev
Date: Sun Aug 22 08:05:45 2021 +0300
sql: fix a segfault in hex() on receiving zeroblob
This patch fixes a segmentation fault when zeroblob is received by the SQL built-in HEX() function.
Closes #6113
diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
new file mode 100644
index 000000000..c59be4d96
--- /dev/null
+++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
@@ -0,0 +1,5 @@
+## bugfix/sql
+
+* The HEX() SQL built-in function now does not throw an assert on receiving
+ varbinary values that consist of zero-bytes (gh-6113).
+
diff --git a/src/box/sql/func.c b/src/box/sql/func.c
index b137c6125..3ef31705e 100644
--- a/src/box/sql/func.c
+++ b/src/box/sql/func.c
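Review bot: `memset(z, '0', 2 * zero_len)` and `z[2 * zero_len] = '\0'` compute the tail length in `int`, while the buffer itself was sized with `((i64) n) * 2 + 1`, so the two can disagree if `zero_len` ever exceeds INT_MAX / 2. Whether contextMalloc() rejects such an `n` before this point is not visible in the hunk; if it does not, widen the arithmetic, e.g. `size_t tail = 2 * (size_t)zero_len; memset(z, '0', tail); z[tail] = '\0';`. The same lines appear again in the func.c hunk of the full patch below, and the context line `sql_result_text(context, zHex, n * 2, sql_free)` has the same `int` multiplication. hexFunc's body starts outside the hunk.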
@@ -1221,15 +1221,21 @@ hexFunc(sql_context * context, int argc, sql_value ** argv)
 UNUSED_PARAMETER(argc);
 pBlob = mem_as_bin(argv[0]);
 n = mem_len_unsafe(argv[0]);
+ assert((argv[0]->flags & MEM_Zero) == 0 ||
+ argv[0]->type == MEM_TYPE_BIN);
+ int zero_len = (argv[0]->flags & MEM_Zero) == 0 ? 0 : argv[0]->u.nZero;
 assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */
 z = zHex = contextMalloc(context, ((i64) n) * 2 + 1);
 if (zHex) {
- for (i = 0; i < n; i++, pBlob++) {
+ for (i = 0; i < n - zero_len; i++, pBlob++) {
 unsigned char c = *pBlob;
 *(z++) = hexdigits[(c >> 4) & 0xf];
 *(z++) = hexdigits[c & 0xf];
 }
- *z = 0;
+ assert(i == n || (argv[0]->flags & MEM_Zero) != 0);
+ assert(n == zero_len + i);
+ memset(z, '0', 2 * zero_len);
+ z[2 * zero_len] = '\0';
 sql_result_text(context, zHex, n * 2, sql_free);
 }
 }
diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg
index 693a477b7..ddee8c328 100644
--- a/test/sql-tap/engine.cfg
+++ b/test/sql-tap/engine.cfg
@@ -21,6 +21,7 @@
 "memtx": {"engine": "memtx"}
 },
 "gh-4077-iproto-execute-no-bind.test.lua": {},
+ "gh-6113-assert-in-hex-on-zeroblob.test.lua": {},
 "*": {
 "memtx": {"engine": "memtx"},
 "vinyl": {"engine": "vinyl"}
diff --git a/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
new file mode 100755
index 000000000..91a29a5b4
--- /dev/null
+++ b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
@@ -0,0 +1,13 @@
+#!/usr/bin/env tarantool
+local test = require("sqltester")
+test:plan(1)
+
+test:do_execsql_test(
+ "gh-6113",
+ [[
+ SELECT hex(zeroblob(0)), hex(zeroblob(10));
+ ]], {
+ '', '00000000000000000000'
+ })
+
+test:finish_test()
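Review bot: In the func.c hunk, the new bound `i < n - zero_len` is what keeps the loop from reading past the bytes actually stored behind `pBlob`, but no comment records that, and the two asserts that check it are compiled out of release builds. A short comment above `int zero_len` would state the invariant, e.g. `/* For MEM_Zero only the first n - nZero bytes are stored; the zero tail is implicit and must not be read from pBlob. */`. That wording is inferred from the fix, so confirm it against mem_len_unsafe(). It is also worth confirming that `u.nZero` can never be negative or larger than `n`, because `zero_len` is then used unchecked as the memset length. hexFunc starts before the hunk.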