To: Mergen Imeev
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on receiving zeroblob
Date: Fri, 3 Sep 2021 22:19:56 +0300
Message-ID: <73f26e5c-9374-682a-5787-0da49b32953c@tarantool.org>
In-Reply-To: <20210901084450.GA111802@tarantool.org>
From: Safin Timur via Tarantool-patches
Reply-To: Safin Timur

On 01.09.2021 11:44, Mergen Imeev wrote:
> Hi! Thank you for the review. My answers below.
>
> On Tue, Aug 31, 2021 at 10:32:46PM +0300, Timur Safin wrote:
>> I may miss something obvious, but prior version of a code
>> with pBlob and n was much shorter, compacter and more readable.
>> I'm curious, why do you prefer to always use argv[0]->n and
>> argv[0]->z instead?
>>
> If we talk about the old function, then it really looks simpler. However, it did
> not work correctly and also made some unnecessary changes to the arguments. You
> can compare to the fixed version of old function on this branch:
> imeevma/gh-6113-fix-hex-segfault-2.8 (which I also sent you for review). You will
> see much less difference there.

I meant that newer code was a little bit .. mouthful, with unnecessary
code substitution and visual noise which harmed readability.

Here is an example of version which is not using argv[0]->.. wherever
we refer to fields.

----------------------------------------------------
/** Implementation of the HEX() SQL built-in function. */
static void
func_hex(struct sql_context *ctx, int argc, struct Mem **argv)
{
	assert(argc == 1);
	(void)argc;
	if (argv[0]->type == MEM_TYPE_NULL)
		return mem_set_null(ctx->pOut);

	int n = argv[0]->n;
	int zero_len = argv[0]->u.nZero;
	assert(argv[0]->type == MEM_TYPE_BIN && n >= 0);
	assert((argv[0]->flags & MEM_Zero) == 0 || zero_len >= 0);
	uint32_t size = 2 * n;
	if ((argv[0]->flags & MEM_Zero) != 0)
		size += 2 * zero_len;
	if (size == 0)
		return mem_set_str0_static(ctx->pOut, "");

	char *str = sqlDbMallocRawNN(sql_get(), size);
	if (str == NULL) {
		ctx->is_aborted = true;
		return;
	}
	for (int i = 0; i < n; ++i) {
		char c = argv[0]->z[i];
		str[2 * i] = hexdigits[(c >> 4) & 0xf];
		str[2 * i + 1] = hexdigits[c & 0xf];
	}
	if ((argv[0]->flags & MEM_Zero) != 0)
		memset(&str[2 * n], '0', 2 * zero_len);
	mem_set_str_allocated(ctx->pOut, str, size);
}
----------------------------------------------------

It's more resembling original code (and that was done intentionally).

Also (and I didn't change it in the sample) there is apparent missing
check for SQL_LIMIT_LENGTH limit which used to be done in
contextMalloc() before, but now is missing once we use
sqlDbMallocRawNN(). I assume we better return this check (once again as
a proper wrapper which contextMalloc() essentially was).

>
>> Also, it seems to me we better to limit the number of bytes customer
>> may request to allocate from HEX()? What about to check against SQL_LIMIT_LENGTH?
>>
> This check is performed in the OP_BuiltinFunction opcode.

That's nice, so it's not a problem then.

>
>> Thanks,
>> Timur
>>
>>> -----Original Message-----
>>> From: imeevma@tarantool.org >>> Sent: Monday, August 30, 2021 9:31 AM >>> To: tsafin@tarantool.org >>> Cc: tarantool-patches@dev.tarantool.org >>> Subject: [PATCH v1 1/1] sql: fix a segfault in hex() on receiving >>> zeroblob >>> >>> This patch fixes a segmentation fault when zeroblob is received by >>> the >>> SQL built-in HEX() function. >>> >>> Closes #6113 >>> --- >>> https://github.com/tarantool/tarantool/issues/6113 >>> https://github.com/tarantool/tarantool/tree/imeevma/gh-6113-fix-hex- >>> segfault-2.10 >>> >>> .../gh-6113-fix-segfault-in-hex-func.md | 5 ++ >>> src/box/sql/func.c | 75 ++++++++++------- >>> -- >>> test/sql-tap/engine.cfg | 1 + >>> ...gh-6113-assert-in-hex-on-zeroblob.test.lua | 13 ++++ >>> 4 files changed, 58 insertions(+), 36 deletions(-) >>> create mode 100644 changelogs/unreleased/gh-6113-fix-segfault-in- >>> hex-func.md >>> create mode 100755 test/sql-tap/gh-6113-assert-in-hex-on- >>> zeroblob.test.lua >>> >>> diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex- >>> func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md >>> new file mode 100644 >>> index 000000000..c59be4d96 >>> --- /dev/null >>> +++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md >>> @@ -0,0 +1,5 @@ >>> +## bugfix/sql >>> + >>> +* The HEX() SQL built-in function now does not throw an assert on >>> receiving >>> + varbinary values that consist of zero-bytes (gh-6113). >>> + >>> diff --git a/src/box/sql/func.c b/src/box/sql/func.c >>> index c063552d6..fa2a2c245 100644 >>> --- a/src/box/sql/func.c >>> +++ b/src/box/sql/func.c 
>>> @@ -53,6 +53,44 @@ >>> static struct mh_strnptr_t *built_in_functions = NULL; >>> static struct func_sql_builtin **functions; >>> >>> +/** Array for converting from half-bytes into ASCII hex digits. */ >>> +static const char hexdigits[] = { >>> + '0', '1', '2', '3', '4', '5', '6', '7', >>> + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' >>> +}; >>> + >>> +/** Implementation of the HEX() SQL built-in function. */ >>> +static void >>> +func_hex(struct sql_context *ctx, int argc, struct Mem **argv) >>> +{ >>> + assert(argc == 1); >>> + (void)argc; >>> + if (argv[0]->type == MEM_TYPE_NULL) >>> + return mem_set_null(ctx->pOut); >>> + >>> + assert(argv[0]->type == MEM_TYPE_BIN && argv[0]->n >= 0); >>> + assert((argv[0]->flags & MEM_Zero) == 0 || argv[0]->u.nZero >= >>> 0); >>> + uint32_t size = 2 * argv[0]->n; >>> + if ((argv[0]->flags & MEM_Zero) != 0) >>> + size += 2 * argv[0]->u.nZero; >>> + if (size == 0) >>> + return mem_set_str0_static(ctx->pOut, ""); >>> + >>> + char *str = sqlDbMallocRawNN(sql_get(), size); >>> + if (str == NULL) { >>> + ctx->is_aborted = true; >>> + return; >>> + } >>> + for (int i = 0; i < argv[0]->n; ++i) { >>> + char c = argv[0]->z[i]; >>> + str[2 * i] = hexdigits[(c >> 4) & 0xf]; >>> + str[2 * i + 1] = hexdigits[c & 0xf]; >>> + } >>> + if ((argv[0]->flags & MEM_Zero) != 0) >>> + memset(&str[2 * argv[0]->n], '0', 2 * argv[0]->u.nZero); >>> + mem_set_str_allocated(ctx->pOut, str, size); >>> +} >>> + >>> static const unsigned char * >>> mem_as_ustr(struct Mem *mem) >>> { 
>>> @@ -1072,14 +1110,6 @@ sql_func_version(struct sql_context *context, >>> sql_result_text(context, tarantool_version(), -1, SQL_STATIC); >>> } >>> >>> -/* Array for converting from half-bytes (nybbles) into ASCII hex >>> - * digits. >>> - */ >>> -static const char hexdigits[] = { >>> - '0', '1', '2', '3', '4', '5', '6', '7', >>> - '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' >>> -}; >>> - >>> /* >>> * Implementation of the QUOTE() function. This function takes a >>> single >>> * argument. If the argument is numeric, the return value is the >>> same as >>> @@ -1233,33 +1263,6 @@ charFunc(sql_context * context, int argc, >>> sql_value ** argv) >>> sql_result_text64(context, (char *)z, zOut - z, sql_free); >>> } >>> >>> -/* >>> - * The hex() function. Interpret the argument as a blob. Return >>> - * a hexadecimal rendering as text. >>> - */ >>> -static void >>> -hexFunc(sql_context * context, int argc, sql_value ** argv) >>> -{ >>> - int i, n; >>> - const unsigned char *pBlob; >>> - char *zHex, *z; >>> - assert(argc == 1); >>> - UNUSED_PARAMETER(argc); >>> - pBlob = mem_as_bin(argv[0]); >>> - n = mem_len_unsafe(argv[0]); >>> - assert(pBlob == mem_as_bin(argv[0])); /* No encoding change */ >>> - z = zHex = contextMalloc(context, ((i64) n) * 2 + 1); >>> - if (zHex) { >>> - for (i = 0; i < n; i++, pBlob++) { >>> - unsigned char c = *pBlob; >>> - *(z++) = hexdigits[(c >> 4) & 0xf]; >>> - *(z++) = hexdigits[c & 0xf]; >>> - } >>> - *z = 0; >>> - sql_result_text(context, zHex, n * 2, sql_free); >>> - } >>> -} >>> - >>> /* >>> * The zeroblob(N) function returns a zero-filled blob of size N >>> bytes. >>> */ 
>>> @@ -2034,7 +2037,7 @@ static struct sql_func_definition definitions[] >>> = { >>> {"GROUP_CONCAT", 2, {FIELD_TYPE_VARBINARY, >>> FIELD_TYPE_VARBINARY}, >>> FIELD_TYPE_VARBINARY, groupConcatStep, groupConcatFinalize}, >>> >>> - {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, hexFunc, >>> NULL}, >>> + {"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, func_hex, >>> NULL}, >>> {"IFNULL", 2, {FIELD_TYPE_ANY, FIELD_TYPE_ANY}, >>> FIELD_TYPE_SCALAR, >>> sql_builtin_stub, NULL}, >>> Regards, Timur
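
Review bot: The changelog entry in gh-6113-fix-segfault-in-hex-func.md says HEX() "now does not throw an assert", while the commit subject and the changelog file name call the same problem a segfault and the new test is named gh-6113-assert-in-hex-on-zeroblob.test.lua. Please pick one description of the failure and use it in the subject, the changelog text and both file names, and consider naming zeroblob in the entry, since "varbinary values that consist of zero-bytes" does not tell a user which input triggers it.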
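
Review bot: In the new func_hex(), "uint32_t size = 2 * argv[0]->n;" and "size += 2 * argv[0]->u.nZero;" multiply in the operand's own type and then accumulate into a uint32_t, whereas the removed hexFunc() widened first with "((i64) n) * 2 + 1"; nothing in this function bounds n plus nZero, so if size wraps, the copy loop and the memset write past the allocation. Suggest computing the size in a 64-bit type and either rejecting an over-limit value here or adding a comment that names the caller-side check this function relies on. Separately, "char c = argv[0]->z[i];" replaces the old "unsigned char c"; keeping it unsigned avoids right-shifting a negative value for bytes of 0x80 and above.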
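
An added example, not code from this thread or from Tarantool: one way to hex-encode a zeroblob-style value (stored bytes plus an implied zero tail) with the size computed in 64 bits and checked against a limit before allocating, as discussed above. `struct blob`, `blob_hex` and `EXAMPLE_MAX_LEN` are hypothetical names, and the limit value is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a zeroblob-style value: n stored bytes in z,
 * followed by n_zero implied zero bytes that are not stored anywhere. */
struct blob { const unsigned char *z; int n; int n_zero; };

/* Assumed limit for this example only; not Tarantool's SQL_LIMIT_LENGTH. */
#define EXAMPLE_MAX_LEN 1000000

/* Returns a malloc'ed NUL-terminated hex string and its length in *out_len,
 * or NULL on bad input, an over-limit result, or allocation failure. */
char *
blob_hex(const struct blob *b, size_t *out_len)
{
	static const char digits[] = "0123456789ABCDEF";
	if (b->n < 0 || b->n_zero < 0 || (b->n > 0 && b->z == NULL))
		return NULL;
	/* Widen before adding and doubling so the size cannot wrap. */
	uint64_t size = 2 * ((uint64_t)b->n + (uint64_t)b->n_zero);
	if (size > EXAMPLE_MAX_LEN)
		return NULL;
	char *str = malloc((size_t)size + 1);
	if (str == NULL)
		return NULL;
	for (int i = 0; i < b->n; i++) {
		unsigned char c = b->z[i];
		str[2 * i] = digits[c >> 4];
		str[2 * i + 1] = digits[c & 0xf];
	}
	/* The implied zero tail is written without reading beyond z. */
	memset(str + 2 * (size_t)b->n, '0', 2 * (size_t)b->n_zero);
	str[size] = '\0';
	*out_len = (size_t)size;
	return str;
}

int
main(void)
{
	/* Constructed sample: three stored bytes plus two implied zeros. */
	const unsigned char data[] = {0xAB, 0x00, 0x7F};
	struct blob b = {data, 3, 2};
	size_t len = 0;
	char *s = blob_hex(&b, &len);
	if (s != NULL)
		printf("%s (%zu)\n", s, len);
	free(s);
	return 0;
}
```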