From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id B20FC6EC55; Fri, 27 Aug 2021 11:26:36 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org B20FC6EC55 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1630052796; bh=u+qeD53NULwDbSzzEvq537GJZrlpm91ktwmYtJuprPA=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=A603ytkXFxRKZ3uGoCh2vfe1kmR98jtF6tTELTVDtuVwv8sU4PDUPMOa2+/a4XPJh nqipzuSufwwJaGzTiRxo6P5W7G5yRrCoHzE9tqPULFb7xZgDnP2P2hN+47ff49CBj2 44mzMSWmgJv/eRAsugknTiKYGDXeyegbN1WcN0ko= Received: from smtpng2.i.mail.ru (smtpng2.i.mail.ru [94.100.179.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 250A56EC55 for ; Fri, 27 Aug 2021 11:26:36 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 250A56EC55 Received: by smtpng2.m.smailru.net with esmtpa (envelope-from ) id 1mJXC7-0006EO-Fm; Fri, 27 Aug 2021 11:26:35 +0300 Date: Fri, 27 Aug 2021 11:26:34 +0300 To: Vladislav Shpilevoy Cc: tarantool-patches@dev.tarantool.org Message-ID: <20210827082634.GA83994@tarantool.org> References: <9f174b3c-31c6-2276-028d-22c6332f42db@tarantool.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <9f174b3c-31c6-2276-028d-22c6332f42db@tarantool.org> X-4EC0790: 10 X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD906AB4890CDABF0C5CB76CEE71D3E4007182A05F538085040AA272A3493A709D96ED67791C61650485CE194448A44F4709CF2A1909B3142AA X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7AC4684DF4EC4B256EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F79006373E84C2AB7EADEB148638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D804CA669EB08559EF6DC872CABA8877E0117882F4460429724CE54428C33FAD305F5C1EE8F4F765FCAA867293B0326636D2E47CDBA5A96583BD4B6F7A4D31EC0BC014FD901B82EE079FA2833FD35BB23D27C277FBC8AE2E8BF1175FABE1C0F9B6A471835C12D1D977C4224003CC8364762BB6847A3DEAEFB0F43C7A68FF6260569E8FC8737B5C2249EC8D19AE6D49635B68655334FD4449CB9ECD01F8117BC8BEAAAE862A0553A39223F8577A6DFFEA7CFA80D66F452D417A43847C11F186F3C59DAA53EE0834AAEE X-C1DE0DAB: 0D63561A33F958A58A326A1FFAB286B1655C2662E84F3B91BE4E1F89DC54611ED59269BC5F550898D99A6476B3ADF6B47008B74DF8BB9EF7333BD3B22AA88B938A852937E12ACA756665624D6DDF07B5410CA545F18667F91A7EA1CDA0B5A7A0 X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34A5970F8A4685C8AB05C03B9BC888BB1727172EA6E452327D363D8784896B217DDF1B7142C64229B01D7E09C32AA3244C7EA55D7FDCBD2CC447B769AD9368ED7B3E8609A02908F271729B2BEF169E0186 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj+bzRAXO2P1S1XSpltnBFpA== X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5D5E10501218B63B0DE9D5E1AB9A8ABDC083D72C36FC87018B9F80AB2734326CD2FB559BB5D741EB96352A0ABBE4FDA4210A04DAD6CC59E33667EA787935ED9F1B X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Mergen Imeev via Tarantool-patches Reply-To: Mergen Imeev Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" Thank you for the review! My answers, diff and new patch below. On Thu, Aug 26, 2021 at 10:42:00PM +0200, Vladislav Shpilevoy wrote: > Thanks for the patch! > > See 2 comments below. > > > diff --git a/src/box/sql/func.c b/src/box/sql/func.c > > index c063552d6..2ff368dc7 100644 > > --- a/src/box/sql/func.c > > +++ b/src/box/sql/func.c > > @@ -53,6 +53,49 @@ > > +/** Implementation of the HEX() SQL built-in function. */ > > +static void > > +func_hex(struct sql_context *ctx, int argc, struct Mem **argv) > > +{ > > + assert(argc == 1); > > + (void)argc; > > + if (argv[0]->type == MEM_TYPE_NULL) > > + return mem_set_null(ctx->pOut); > > + > > + assert(argv[0]->type == MEM_TYPE_BIN && argv[0]->n >= 0); > > + assert((argv[0]->flags & MEM_Zero) == 0 || argv[0]->u.nZero >= 0); > > + uint32_t size = 2 * argv[0]->n; > > + if ((argv[0]->flags & MEM_Zero) != 0) > > + size += 2 * argv[0]->u.nZero; > > + if (size == 0) > > + return mem_set_str0_static(ctx->pOut, ""); > > + > > + char *str = sqlDbMallocRawNN(sql_get(), size); > > + if (str == NULL) { > > + ctx->is_aborted = true; > > + return; > > + } > > + for (int i = 0; i < argv[0]->n; ++i) { > > + char c = argv[0]->z[i]; > > + str[2 * i] = hexdigits[(c >> 4) & 0xf]; > > + str[2 * i + 1] = hexdigits[c & 0xf]; > > + } > > + if ((argv[0]->flags & MEM_Zero) != 0) { > > + for (int i = 0; i < argv[0]->u.nZero; ++i) { > > + int j = argv[0]->n + i; > > + str[2 * j] = '0'; > > + str[2 * j + 1] = '0'; > > 1. The same as for the patch for 2.8 branch. > Fixed. > > + } > > + } > > + mem_set_str_allocated(ctx->pOut, str, size); > > +} > > @@ -2034,7 +2042,7 @@ static struct sql_func_definition definitions[] = { > > {"GROUP_CONCAT", 2, {FIELD_TYPE_VARBINARY, FIELD_TYPE_VARBINARY}, > > FIELD_TYPE_VARBINARY, groupConcatStep, groupConcatFinalize}, > > > > - {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, hexFunc, NULL}, > > + {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, func_hex, NULL}, > > 2. What is the final name pattern? I see among new function names > > - trim_func - 'func' suffix > > - sql_func_uuid, sql_func_version - 'sql_func' prefix > > - sql_builtin_stub - 'sql' prefix > > - sum_step - no prefixes or suffixes > > now you add a fifth way: > > - func_hex - 'func' prefix. > > I suggest to choose one way to use for all new function names. I see no need for 'sql_' prefix since these functions will be static. I plan to use 'func_' prefix for usual functions, 'step_' for aggregate step-functions and 'fin_' for finalize functions. Most of functions I plan to rewrite during few weeks. Diff: diff --git a/src/box/sql/func.c b/src/box/sql/func.c index 2ff368dc7..fa2a2c245 100644 --- a/src/box/sql/func.c +++ b/src/box/sql/func.c @@ -86,13 +86,8 @@ func_hex(struct sql_context *ctx, int argc, struct Mem **argv) str[2 * i] = hexdigits[(c >> 4) & 0xf]; str[2 * i + 1] = hexdigits[c & 0xf]; } - if ((argv[0]->flags & MEM_Zero) != 0) { - for (int i = 0; i < argv[0]->u.nZero; ++i) { - int j = argv[0]->n + i; - str[2 * j] = '0'; - str[2 * j + 1] = '0'; - } - } + if ((argv[0]->flags & MEM_Zero) != 0) + memset(&str[2 * argv[0]->n], '0', 2 * argv[0]->u.nZero); mem_set_str_allocated(ctx->pOut, str, size); } New patch: commit cded1126f703416c526bc7e9a6992dde8f52e58e Author: Mergen Imeev Date: Sun Aug 22 08:05:45 2021 +0300 sql: fix a segfault in hex() on receiving zeroblob This patch fixes a segmentation fault when zeroblob is received by the SQL built-in HEX() function. Closes #6113 diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md new file mode 100644 index 000000000..c59be4d96 --- /dev/null +++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md @@ -0,0 +1,5 @@ +## bugfix/sql + +* The HEX() SQL built-in function now does not throw an assert on receiving + varbinary values that consist of zero-bytes (gh-6113). + diff --git a/src/box/sql/func.c b/src/box/sql/func.c index c063552d6..fa2a2c245 100644 --- a/src/box/sql/func.c +++ b/src/box/sql/func.c @@ -53,6 +53,44 @@ static struct mh_strnptr_t *built_in_functions = NULL; static struct func_sql_builtin **functions; +/** Array for converting from half-bytes into ASCII hex digits. */ +static const char hexdigits[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' +}; + +/** Implementation of the HEX() SQL built-in function. */ +static void +func_hex(struct sql_context *ctx, int argc, struct Mem **argv) +{ + assert(argc == 1); + (void)argc; + if (argv[0]->type == MEM_TYPE_NULL) + return mem_set_null(ctx->pOut); + + assert(argv[0]->type == MEM_TYPE_BIN && argv[0]->n >= 0); + assert((argv[0]->flags & MEM_Zero) == 0 || argv[0]->u.nZero >= 0); + uint32_t size = 2 * argv[0]->n; + if ((argv[0]->flags & MEM_Zero) != 0) + size += 2 * argv[0]->u.nZero; + if (size == 0) + return mem_set_str0_static(ctx->pOut, ""); + + char *str = sqlDbMallocRawNN(sql_get(), size); + if (str == NULL) { + ctx->is_aborted = true; + return; + } + for (int i = 0; i < argv[0]->n; ++i) { + char c = argv[0]->z[i]; + str[2 * i] = hexdigits[(c >> 4) & 0xf]; + str[2 * i + 1] = hexdigits[c & 0xf]; + } + if ((argv[0]->flags & MEM_Zero) != 0) + memset(&str[2 * argv[0]->n], '0', 2 * argv[0]->u.nZero); + mem_set_str_allocated(ctx->pOut, str, size); +} + static const unsigned char * mem_as_ustr(struct Mem *mem) { @@ -1072,14 +1110,6 @@ sql_func_version(struct sql_context *context, sql_result_text(context, tarantool_version(), -1, SQL_STATIC); } -/* Array for converting from half-bytes (nybbles) into ASCII hex - * digits. - */ -static const char hexdigits[] = { - '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' -}; - /* * Implementation of the QUOTE() function. This function takes a single * argument. If the argument is numeric, the return value is the same as @@ -1233,33 +1263,6 @@ charFunc(sql_context * context, int argc, sql_value ** argv) sql_result_text64(context, (char *)z, zOut - z, sql_free); } -/* - * The hex() function. Interpret the argument as a blob. Return - * a hexadecimal rendering as text. - */ -static void -hexFunc(sql_context * context, int argc, sql_value ** argv) -{ - int i, n; - const unsigned char *pBlob; - char *zHex, *z; - assert(argc == 1); - UNUSED_PARAMETER(argc); - pBlob = mem_as_bin(argv[0]); - n = mem_len_unsafe(argv[0]); - assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ - z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); - if (zHex) { - for (i = 0; i < n; i++, pBlob++) { - unsigned char c = *pBlob; - *(z++) = hexdigits[(c >> 4) & 0xf]; - *(z++) = hexdigits[c & 0xf]; - } - *z = 0; - sql_result_text(context, zHex, n * 2, sql_free); - } -} - /* * The zeroblob(N) function returns a zero-filled blob of size N bytes. */ @@ -2034,7 +2037,7 @@ static struct sql_func_definition definitions[] = { {"GROUP_CONCAT", 2, {FIELD_TYPE_VARBINARY, FIELD_TYPE_VARBINARY}, FIELD_TYPE_VARBINARY, groupConcatStep, groupConcatFinalize}, - {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, hexFunc, NULL}, + {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, func_hex, NULL}, {"IFNULL", 2, {FIELD_TYPE_ANY, FIELD_TYPE_ANY}, FIELD_TYPE_SCALAR, sql_builtin_stub, NULL}, diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg index 35754f769..664cfdd77 100644 --- a/test/sql-tap/engine.cfg +++ b/test/sql-tap/engine.cfg @@ -35,6 +35,7 @@ "built-in-functions.test.lua": { "memtx": {"engine": "memtx"} }, + "gh-6113-assert-in-hex-on-zeroblob.test.lua": {}, "gh-4077-iproto-execute-no-bind.test.lua": {}, "*": { "memtx": {"engine": "memtx"}, diff --git a/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua new file mode 100755 index 000000000..91a29a5b4 --- /dev/null +++ b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua @@ -0,0 +1,13 @@ +#!/usr/bin/env tarantool +local test = require("sqltester") +test:plan(1) + +test:do_execsql_test( + "gh-6113", + [[ + SELECT hex(zeroblob(0)), hex(zeroblob(10)); + ]], { + '', '00000000000000000000' + }) + +test:finish_test()