Date: Mon, 6 Sep 2021 12:45:28 +0300
To: Safin Timur
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob
From: Mergen Imeev via Tarantool-patches

Hi! Thank you for the review! My answer below.

On Fri, Sep 03, 2021 at 10:19:56PM +0300, Safin Timur wrote:
>
>
> On 01.09.2021 11:44, Mergen Imeev wrote:
> > Hi! Thank you for the review. My answers below.
> >
> > On Tue, Aug 31, 2021 at 10:32:46PM +0300, Timur Safin wrote:
> > > I may miss something obvious, but prior version of a code
> > > with pBlob and n was much shorter, compacter and more readable.
> > > I'm curious, why do you prefer to always use argv[0]->n and
> > > argv[0]->z instead?
> > >
> > If we talk about the old function, then it really looks simpler. However, it did
> > not work correctly and also made some unnecessary changes to the arguments. You
> > can compare to the fixed version of old function on this branch:
> > imeevma/gh-6113-fix-hex-segfault-2.8 (which I also sent you for review). You will
> > see much less difference there.
>
> I meant that newer code was a little bit .. mouthful, with unnecessary code
> substitution and visual noise which harmed readability. Here is an example
> of version which is not using argv[0]->.. wherever we refer to fields.
>
> ----------------------------------------------------
> /** Implementation of the HEX() SQL built-in function. */
> static void
> func_hex(struct sql_context *ctx, int argc, struct Mem **argv)
> {
>     assert(argc == 1);
>     (void)argc;
>     if (argv[0]->type == MEM_TYPE_NULL)
>         return mem_set_null(ctx->pOut);
>
>     int n = argv[0]->n;
>     int zero_len = argv[0]->u.nZero;
I believe you cannot use undefined value.

>     assert(argv[0]->type == MEM_TYPE_BIN && n >= 0);
>     assert((argv[0]->flags & MEM_Zero) == 0 || zero_len >= 0);
>
>     uint32_t size = 2 * n;
>     if ((argv[0]->flags & MEM_Zero) != 0)
>         size += 2 * zero_len;
>     if (size == 0)
>         return mem_set_str0_static(ctx->pOut, "");
>
>     char *str = sqlDbMallocRawNN(sql_get(), size);
>     if (str == NULL) {
>         ctx->is_aborted = true;
>         return;
>     }
>     for (int i = 0; i < n; ++i) {
>         char c = argv[0]->z[i];
>         str[2 * i] = hexdigits[(c >> 4) & 0xf];
>         str[2 * i + 1] = hexdigits[c & 0xf];
>     }
>     if ((argv[0]->flags & MEM_Zero) != 0)
>         memset(&str[2 * n], '0', 2 * zero_len);
>     mem_set_str_allocated(ctx->pOut, str, size);
> }
>
> ----------------------------------------------------
>
> It's more resembling original code (and that was done intentionally).
>
I don't like that you define a variable with an undefined value in some cases.
I would introduce some new variables if there was some complicated logic,
however I don't see the need to do this here since I don't see complex
expressions.

> Also (and I didn't change it in the sample) there is apparent missing check
> for SQL_LIMIT_LENGTH limit which used to be done in contextMalloc() before,
> but now is missing once we use sqlDbMallocRawNN(). I assume we better return
> this check (once again as a proper wrapper which contextMalloc() essentially
> was).
>
This will be verified in VDBE. I think it is better to have such a check
centralized for all functions.

> >
> > > Also, it seems to me we better to limit the number of bytes customer
> > > may request to allocate from HEX()? What about to check against SQL_LIMIT_LENGTH?
> > >
> > This check is performed in the OP_BuiltinFunction opcode.
>
> That's nice, so it's not a problem then.
>
> >
> > > Thanks,
> > > Timur
> > >
> > > > -----Original Message-----
> > > > From: imeevma@tarantool.org > > > > Sent: Monday, August 30, 2021 9:31 AM > > > > To: tsafin@tarantool.org > > > > Cc: tarantool-patches@dev.tarantool.org > > > > Subject: [PATCH v1 1/1] sql: fix a segfault in hex() on receiving > > > > zeroblob > > > > > > > > This patch fixes a segmentation fault when zeroblob is received by > > > > the > > > > SQL built-in HEX() function. > > > > > > > > Closes #6113 > > > > --- > > > > https://github.com/tarantool/tarantool/issues/6113 > > > > https://github.com/tarantool/tarantool/tree/imeevma/gh-6113-fix-hex- > > > > segfault-2.10 > > > > > > > > .../gh-6113-fix-segfault-in-hex-func.md | 5 ++ > > > > src/box/sql/func.c | 75 ++++++++++------- > > > > -- > > > > test/sql-tap/engine.cfg | 1 + > > > > ...gh-6113-assert-in-hex-on-zeroblob.test.lua | 13 ++++ > > > > 4 files changed, 58 insertions(+), 36 deletions(-) > > > > create mode 100644 changelogs/unreleased/gh-6113-fix-segfault-in- > > > > hex-func.md > > > > create mode 100755 test/sql-tap/gh-6113-assert-in-hex-on- > > > > zeroblob.test.lua > > > > > > > > diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex- > > > > func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md > > > > new file mode 100644 > > > > index 000000000..c59be4d96 > > > > --- /dev/null > > > > +++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md > > > > @@ -0,0 +1,5 @@ > > > > +## bugfix/sql > > > > + > > > > +* The HEX() SQL built-in function now does not throw an assert on > > > > receiving > > > > + varbinary values that consist of zero-bytes (gh-6113). > > > > + > > > > diff --git a/src/box/sql/func.c b/src/box/sql/func.c > > > > index c063552d6..fa2a2c245 100644 > > > > --- a/src/box/sql/func.c > > > > +++ b/src/box/sql/func.c 
> > > > @@ -53,6 +53,44 @@ > > > > static struct mh_strnptr_t *built_in_functions = NULL; > > > > static struct func_sql_builtin **functions; > > > > > > > > +/** Array for converting from half-bytes into ASCII hex digits. */ > > > > +static const char hexdigits[] = { > > > > + '0', '1', '2', '3', '4', '5', '6', '7', > > > > + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' > > > > +}; > > > > + > > > > +/** Implementation of the HEX() SQL built-in function. */ > > > > +static void > > > > +func_hex(struct sql_context *ctx, int argc, struct Mem **argv) > > > > +{ > > > > + assert(argc == 1); > > > > + (void)argc; > > > > + if (argv[0]->type == MEM_TYPE_NULL) > > > > + return mem_set_null(ctx->pOut); > > > > + > > > > + assert(argv[0]->type == MEM_TYPE_BIN && argv[0]->n >= 0); > > > > + assert((argv[0]->flags & MEM_Zero) == 0 || argv[0]->u.nZero >= > > > > 0); > > > > + uint32_t size = 2 * argv[0]->n; > > > > + if ((argv[0]->flags & MEM_Zero) != 0) > > > > + size += 2 * argv[0]->u.nZero; > > > > + if (size == 0) > > > > + return mem_set_str0_static(ctx->pOut, ""); > > > > + > > > > + char *str = sqlDbMallocRawNN(sql_get(), size); > > > > + if (str == NULL) { > > > > + ctx->is_aborted = true; > > > > + return; > > > > + } > > > > + for (int i = 0; i < argv[0]->n; ++i) { > > > > + char c = argv[0]->z[i]; > > > > + str[2 * i] = hexdigits[(c >> 4) & 0xf]; > > > > + str[2 * i + 1] = hexdigits[c & 0xf]; > > > > + } > > > > + if ((argv[0]->flags & MEM_Zero) != 0) > > > > + memset(&str[2 * argv[0]->n], '0', 2 * argv[0]->u.nZero); > > > > + mem_set_str_allocated(ctx->pOut, str, size); > > > > +} > > > > + > > > > static const unsigned char * > > > > mem_as_ustr(struct Mem *mem) > > > > { 
> > > > @@ -1072,14 +1110,6 @@ sql_func_version(struct sql_context *context, > > > > sql_result_text(context, tarantool_version(), -1, SQL_STATIC); > > > > } > > > > > > > > -/* Array for converting from half-bytes (nybbles) into ASCII hex > > > > - * digits. > > > > - */ > > > > -static const char hexdigits[] = { > > > > - '0', '1', '2', '3', '4', '5', '6', '7', > > > > - '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' > > > > -}; > > > > - > > > > /* > > > > * Implementation of the QUOTE() function. This function takes a > > > > single > > > > * argument. If the argument is numeric, the return value is the > > > > same as > > > > @@ -1233,33 +1263,6 @@ charFunc(sql_context * context, int argc, > > > > sql_value ** argv) > > > > sql_result_text64(context, (char *)z, zOut - z, sql_free); > > > > } > > > > > > > > -/* > > > > - * The hex() function. Interpret the argument as a blob. Return > > > > - * a hexadecimal rendering as text. > > > > - */ > > > > -static void > > > > -hexFunc(sql_context * context, int argc, sql_value ** argv) > > > > -{ > > > > - int i, n; > > > > - const unsigned char *pBlob; > > > > - char *zHex, *z; > > > > - assert(argc == 1); > > > > - UNUSED_PARAMETER(argc); > > > > - pBlob = mem_as_bin(argv[0]); > > > > - n = mem_len_unsafe(argv[0]); > > > > - assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ > > > > - z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); > > > > - if (zHex) { > > > > - for (i = 0; i < n; i++, pBlob++) { > > > > - unsigned char c = *pBlob; > > > > - *(z++) = hexdigits[(c >> 4) & 0xf]; > > > > - *(z++) = hexdigits[c & 0xf]; > > > > - } > > > > - *z = 0; > > > > - sql_result_text(context, zHex, n * 2, sql_free); > > > > - } > > > > -} > > > > - > > > > /* > > > > * The zeroblob(N) function returns a zero-filled blob of size N > > > > bytes. > > > > */ 
> > > > @@ -2034,7 +2037,7 @@ static struct sql_func_definition definitions[] > > > > = { > > > > {"GROUP_CONCAT", 2, {FIELD_TYPE_VARBINARY, > > > > FIELD_TYPE_VARBINARY}, > > > > FIELD_TYPE_VARBINARY, groupConcatStep, groupConcatFinalize}, > > > > > > > > - {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, hexFunc, > > > > NULL}, > > > > + {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, func_hex, > > > > NULL}, > > > > {"IFNULL", 2, {FIELD_TYPE_ANY, FIELD_TYPE_ANY}, > > > > FIELD_TYPE_SCALAR, > > > > sql_builtin_stub, NULL}, > > > > > > Regards, > Timur
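
Review bot: The changelog entry in changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md says HEX() "now does not throw an assert" on "varbinary values that consist of zero-bytes", while the commit message and the file name itself describe a segmentation fault on receiving a zeroblob. Suggest naming the same failure and the same input in both places, for example by saying the crash happened for values produced by zeroblob(), so that users searching the changelog for the segfault find this entry. The trailing empty `+` line at the end of the new file can also be dropped.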
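
Review bot: In the new func_hex() (hunk `@@ -53,6 +53,44 @@` of src/box/sql/func.c), `uint32_t size = 2 * argv[0]->n;` and `size += 2 * argv[0]->u.nZero;` multiply before any widening, whereas the removed hexFunc() computed `((i64) n) * 2 + 1`. The asserts on `>= 0` suggest both fields are signed, so a large zeroblob length can overflow the product or wrap the 32-bit sum; if that happens, the buffer returned by sqlDbMallocRawNN() is smaller than the `2 * argv[0]->u.nZero` bytes that memset() then writes. The thread says the length limit is checked in OP_BuiltinFunction, but if that check only looks at the result it runs after this allocation. Suggest computing the total in a 64-bit type and rejecting it against the limit before allocating, or adding a comment that states where n + nZero has already been bounded.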