From: Chris Sosnin <k.sosnin@tarantool.org> To: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH 2/2] tuple: add argument length check for update() Date: Fri, 10 Jan 2020 10:28:26 +0300 [thread overview] Message-ID: <60eeea2fda401b529c78ce139fa05df18f1a12f0.1578640624.git.k.sosnin@tarantool.org> (raw) In-Reply-To: <cover.1578640624.git.k.sosnin@tarantool.org> Currently tuple_object:update() does not check the length of operation string and just takes the first character after decoding. This patch fixes this problem. Follow-up #3884 --- src/box/xrow_update_field.c | 13 ++++++++----- test/box/update.result | 12 ++++++++++++ test/box/update.test.lua | 3 +++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/box/xrow_update_field.c b/src/box/xrow_update_field.c index deee91738..7c0f5fb5e 100644 --- a/src/box/xrow_update_field.c +++ b/src/box/xrow_update_field.c @@ -595,9 +595,11 @@ static const struct xrow_update_op_meta op_delete = { }; static inline const struct xrow_update_op_meta * -xrow_update_op_by(char opcode, int op_num) +xrow_update_op_by(const char *opcode, uint32_t len, int op_num) { - switch (opcode) { + if (len != 1) + goto error; + switch (*opcode) { case '=': return &op_set; case '+': @@ -618,7 +620,7 @@ xrow_update_op_by(char opcode, int op_num) } error: diag_set(ClientError, ER_UNKNOWN_UPDATE_OP, op_num, - tt_sprintf("\"%c\"", opcode)); + tt_sprintf("\"%.*s\"", len, opcode)); return NULL; } @@ -659,10 +661,11 @@ xrow_update_op_decode(struct xrow_update_op *op, int op_num, int index_base, "update operation name must be a string"); return -1; } - op->opcode = *mp_decode_str(expr, &len); - op->meta = xrow_update_op_by(op->opcode, op_num); + const char *opcode = mp_decode_str(expr, &len); + op->meta = xrow_update_op_by(opcode, len, op_num); if (op->meta == NULL) return -1; + op->opcode = *opcode; if (arg_count != op->meta->arg_count) { const char *str = tt_sprintf("wrong number of arguments, "\ "expected %u, got %u", diff --git a/test/box/update.result b/test/box/update.result index 7fc0b02c6..28ba47831 100644 --- a/test/box/update.result +++ b/test/box/update.result @@ -834,6 +834,18 @@ s:update({0}, {{'+', 0}}) - error: 'Unknown UPDATE operation #1: wrong number of arguments, expected 3, got 2' ... +s:update({0}, {{'', 2, 1}}) +--- +- error: 'Unknown UPDATE operation #1: ""' +... +s:update({0}, {{'more than 1 character', 2, 1}}) +--- +- error: 'Unknown UPDATE operation #1: "more than 1 character"' +... +s:update({0}, {{'same as previous'}}) +--- +- error: 'Unknown UPDATE operation #1: "same as previous"' +... s:update({0}, {{'+', '+', '+'}}) --- - error: 'Field ''+'' UPDATE error: invalid JSON in position 1' diff --git a/test/box/update.test.lua b/test/box/update.test.lua index 6e8dbd642..314ebef05 100644 --- a/test/box/update.test.lua +++ b/test/box/update.test.lua @@ -252,6 +252,9 @@ s:update({0}, {'+', 2, 2}) s:update({0}, {{}}) s:update({0}, {{'+'}}) s:update({0}, {{'+', 0}}) +s:update({0}, {{'', 2, 1}}) +s:update({0}, {{'more than 1 character', 2, 1}}) +s:update({0}, {{'same as previous'}}) s:update({0}, {{'+', '+', '+'}}) s:update({0}, {{0, 0, 0}}) -- 2.21.0 (Apple Git-122.2)
next prev parent reply other threads:[~2020-01-10 7:28 UTC|newest] Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-01-10 7:28 [Tarantool-patches] [PATCH 0/2] tuple: fixes " Chris Sosnin 2020-01-10 7:28 ` [Tarantool-patches] [PATCH 1/2] tuple: fix non-informative update() error message Chris Sosnin 2020-01-10 7:28 ` Chris Sosnin [this message] 2020-01-13 14:18 ` [Tarantool-patches] [PATCH 0/2] tuple: fixes for update() Kirill Yukhin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=60eeea2fda401b529c78ce139fa05df18f1a12f0.1578640624.git.k.sosnin@tarantool.org \ --to=k.sosnin@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH 2/2] tuple: add argument length check for update()' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox