From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 2FE1F24F31 for ; Mon, 2 Jul 2018 09:30:27 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhupaKvXtEE7 for ; Mon, 2 Jul 2018 09:30:27 -0400 (EDT) Received: from smtp17.mail.ru (smtp17.mail.ru [94.100.176.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id DCE5524E2D for ; Mon, 2 Jul 2018 09:30:26 -0400 (EDT) Subject: [tarantool-patches] Re: [PATCH v2 1/1] sql: disallow returning many rows from subselect References: <7815ec2cb5cfb0d837478cff88fe4ba95503e8d7.1530113937.git.kshcherbatov@tarantool.org> <80d9fc88-3030-764b-55f2-86d6e5e33f03@tarantool.org> <411BF67B-D49B-468C-80EF-AF31D520F0DF@tarantool.org> From: Vladislav Shpilevoy Message-ID: <7ba69010-2e21-9e4f-d923-4061ddecf4cf@tarantool.org> Date: Mon, 2 Jul 2018 16:30:24 +0300 MIME-Version: 1.0 In-Reply-To: <411BF67B-D49B-468C-80EF-AF31D520F0DF@tarantool.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: "n.pettik" , tarantool-patches@freelists.org Cc: Kirill Shcherbatov Thanks for the patch! See 6 comments below. And I have pushed more minor fixes on the branch. Please, squash. > diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c > index 70e134f21..23cee593f 100644 > --- a/src/box/sql/expr.c > +++ b/src/box/sql/expr.c > @@ -2874,10 +2874,14 @@ sqlite3CodeSubselect(Parse * pParse, /* Parsing context */ > dest.iSDParm); > VdbeComment((v, "Init EXISTS result")); > } > - sql_expr_delete(pParse->db, pSel->pLimit, false); > - pSel->pLimit = sqlite3ExprAlloc(pParse->db, TK_INTEGER, > - &sqlite3IntTokens[1], > - 0); > + if (pSel->pLimit == NULL) { 1. How can it be != NULL? > + pSel->pLimit = > + sqlite3ExprAlloc(pParse->db, TK_INTEGER, > + &sqlite3IntTokens[1], > + 0); > + ExprSetProperty(pSel->pLimit, EP_System); 2. ExprSerProperty does not check for pSel->pLimit == NULL, so it crashes on OOM. > + } > + pSel->selFlags |= SF_SingleRow; > pSel->iLimit = 0; > pSel->selFlags &= ~SF_MultiValue; > if (sqlite3Select(pParse, pSel, &dest)) { > diff --git a/src/box/sql/select.c b/src/box/sql/select.c > index 54f78a9de..daec802da 100644 > --- a/src/box/sql/select.c > +++ b/src/box/sql/select.c > @@ -2120,6 +2120,38 @@ computeLimitRegisters(Parse * pParse, Select * p, int iBreak) > sqlite3VdbeAddOp2(v, OP_IfNot, iLimit, iBreak); > VdbeCoverage(v); > } > + if (p->selFlags & SF_SingleRow) { > + if (ExprHasProperty(p->pLimit, EP_System)) { > + /* > + * Indirect LIMIT 1 is allowed only for > + * requests returning only 1 row. > + * To test this, we change LIMIT 1 to > + * LIMIT 2 and will look up LIMIT 1 overflow > + * at the sqlite3Select end. > + */ > + sqlite3VdbeAddOp2(v, OP_Integer, 2, iLimit); > + } else { > + /* > + * User-defined complex limit for subquery > + * could be only 1 as resulting value. > + */ > + int r1 = sqlite3GetTempReg(pParse); > + sqlite3VdbeAddOp2(v, OP_Integer, 1, r1); > + int no_err = sqlite3VdbeMakeLabel(v); > + sqlite3VdbeAddOp3(v, OP_Eq, iLimit, no_err, r1); > + const char *error = > + "Expression subquery could be limited " > + "only with 1."; > + sqlite3VdbeAddOp4(v, OP_Halt, > + SQL_TARANTOOL_ERROR, > + 0, 0, error, P4_STATIC); 3. I do not see where do you set an appropriate error code (p5). > + sqlite3VdbeResolveLabel(v, no_err); > + sqlite3ReleaseTempReg(pParse, r1); > + > + /* Runtime checks are no longer needed. */ > + p->selFlags &= ~SF_SingleRow; > + } > + } > @@ -5398,6 +5430,31 @@ explain_simple_count(struct Parse *parse_context, const char *table_name) > } > } > > +/** > + * Generate VDBE code that HALT program when subselect returned > + * more than one row (determined as LIMIT 1 overflow). > + * @param parser Current parsing context. > + * @param limit_reg LIMIT register. > + * @param end_mark mark to jump if select returned distinct one > + * row as expected. > + */ > +static void > +vdbe_code_raise_on_multiple_rows(struct Parse *parser, int limit_reg, int end_mark) > +{ > + assert(limit_reg != 0); > + struct Vdbe *v = sqlite3GetVdbe(parser); > + assert(v != NULL); > + > + int r1 = sqlite3GetTempReg(parser); > + sqlite3VdbeAddOp2(v, OP_Integer, 0, r1); > + sqlite3VdbeAddOp3(v, OP_Ne, r1, end_mark, limit_reg); > + const char *error = "Expression subquery returned more than 1 row"; > + sqlite3VdbeAddOp4(v, OP_Halt, SQL_TARANTOOL_ERROR, > + ON_CONFLICT_ACTION_FAIL, 0, > + error, P4_STATIC); 4. Same. > + sqlite3ReleaseTempReg(parser, r1); > +} > + > /* > * Generate code for the SELECT statement given in the p argument. > * > @@ -6326,8 +6389,10 @@ sqlite3Select(Parse * pParse, /* The parser context */ > generateSortTail(pParse, p, &sSort, pEList->nExpr, pDest); > } > > - /* Jump here to skip this query > - */ > + /* Generate code that prevent returning multiple rows. */ > + if (p->selFlags & SF_SingleRow && p->iLimit != 0) > + vdbe_code_raise_on_multiple_rows(pParse, p->iLimit, iEnd); 5. Why do you have two runtime checks for the same auto limit? > + /* Jump here to skip this query. */ > sqlite3VdbeResolveLabel(v, iEnd); > > /* The SELECT has been coded. If there is an error in the Parse structure, > diff --git a/src/box/sql/sqliteInt.h b/src/box/sql/sqliteInt.h > index e939663b6..bacf415df 100644 > --- a/src/box/sql/sqliteInt.h > +++ b/src/box/sql/sqliteInt.h> @@ -2702,6 +2704,8 @@ struct Select { > #define SF_FixedLimit 0x04000 /* nSelectRow set by a constant LIMIT */ > #define SF_MaybeConvert 0x08000 /* Need convertCompoundSelectToSubquery() */ > #define SF_Converted 0x10000 /* By convertCompoundSelectToSubquery() */ > +/** Abort subquery if its output contains more than one row. */ > +#define SF_SingleRow 0x40000 6. Why not 0x20000?