From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 711636EC55; Thu, 26 Aug 2021 14:09:35 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 711636EC55 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1629976175; bh=XaDMdDQIm0RRDBKbPAR5PmhPgunymxQ3NRnbyjEiH3A=; h=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=BFDkcKH8Z080lUMEAUaDNjsUdH110K+Bvq7nhMWXBdKJ86tRMVe36Z3uTCpwawYhX 8iyl4BB9bm8bPzjfxlF6sTHVTPT/hzlyPJnT/eG01U3FjoZZdVktg1zV7/TKaAwlSM qUkThxENfKQQiZr/0O39Eq2IWhutlIHFRIc/n6I8= Received: from smtpng1.i.mail.ru (smtpng1.i.mail.ru [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 5C0A66EC55 for ; Thu, 26 Aug 2021 14:09:34 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 5C0A66EC55 Received: by smtpng1.m.smailru.net with esmtpa (envelope-from ) id 1mJDGH-0003P7-IH; Thu, 26 Aug 2021 14:09:33 +0300 To: v.shpilevoy@tarantool.org Cc: tarantool-patches@dev.tarantool.org Date: Thu, 26 Aug 2021 14:09:33 +0300 Message-Id: <7c4620245d61624883115541490cd94d10626c00.1629976113.git.imeevma@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD91BCCB18F2C129F87F36E61E9E4584E9D182A05F5380850409788ED4651B8F1741004D216A5CA40AE5CDE27C393B31D67CDD60FD9CA3B3C66 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7624C4D757C4F5837EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F79006373BFF7CCD9F2968778638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D84E3A9ED3601B89341533EB9A3E4BC322117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC2EE5AD8F952D28FBA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352033AC447995A7AD18C26CFBAC0749D213D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6300D3B61E77C8D3B089D37D7C0E48F6C5571747095F342E88FB05168BE4CE3AF X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975CD38A7E49931D2E153298A908304A0AE94B706BA6249854EE9C2B6934AE262D3EE7EAB7254005DCED60723831D8DB72261E0A4E2319210D9B64D260DF9561598F01A9E91200F654B0F5DD670F6F5D62878E8E86DC7131B365E7726E8460B7C23C X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34060C3C6DE316ECE4B7ED2F7252BA57B7BB2097C63D251C663F4A33B7D0923C04AED8CEAA988A66641D7E09C32AA3244C5204E9D2B1DCFE3C0AD83C81282347C43A92A9747B6CC886729B2BEF169E0186 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojXSF/Tsl6M2OupSCKIYK0Lw== X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5DA90E04E683BA91D987E99680FC46499A83D72C36FC87018B9F80AB2734326CD2FB559BB5D741EB96352A0ABBE4FDA4210A04DAD6CC59E33667EA787935ED9F1B X-Mras: Ok Subject: [Tarantool-patches] [PATCH v1 1/1] sql: fix error on copy empty string in mem_copy() X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Mergen Imeev via Tarantool-patches Reply-To: imeevma@tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This patch fixes the problem with copying an empty string in mem_copy(). Previously, because the string length was 0, an error was thrown, but the diag was not set, which could lead to an error due to an empty diag or to a double free. Closes #6157 --- https://github.com/tarantool/tarantool/issues/6157 https://github.com/tarantool/tarantool/tree/imeevma/gh-6157-fix-error-on-empty-str .../gh-6157-fix-error-on-copy-empty-str.md | 5 +++ src/box/sql/mem.c | 3 +- test/sql-tap/CMakeLists.txt | 1 + test/sql-tap/engine.cfg | 1 + .../gh-6157-unnecessary-free-on-string.c | 10 +++++ ...h-6157-unnecessary-free-on-string.test.lua | 38 +++++++++++++++++++ 6 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md create mode 100644 test/sql-tap/gh-6157-unnecessary-free-on-string.c create mode 100755 test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua diff --git a/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md b/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md new file mode 100644 index 000000000..e5f747414 --- /dev/null +++ b/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md @@ -0,0 +1,5 @@ +## bugfix/sql + +* Now, when copying an empty string, an error will not be set + unnecessarily (gh-6157). + diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c index 0aca76112..c91fc8396 100644 --- a/src/box/sql/mem.c +++ b/src/box/sql/mem.c @@ -1913,7 +1913,8 @@ mem_copy(struct Mem *to, const struct Mem *from) assert((to->flags & MEM_Zero) == 0 || to->type == MEM_TYPE_BIN); if ((to->flags & MEM_Zero) != 0) return sqlVdbeMemExpandBlob(to); - to->zMalloc = sqlDbReallocOrFree(to->db, to->zMalloc, to->n); + to->zMalloc = sqlDbRealloc(to->db, to->zMalloc, MAX(32, to->n)); + assert(to->zMalloc != NULL || sql_get()->mallocFailed != 0); if (to->zMalloc == NULL) return -1; to->szMalloc = sqlDbMallocSize(to->db, to->zMalloc); diff --git a/test/sql-tap/CMakeLists.txt b/test/sql-tap/CMakeLists.txt index 87f23b2f7..2e215032b 100644 --- a/test/sql-tap/CMakeLists.txt +++ b/test/sql-tap/CMakeLists.txt @@ -3,3 +3,4 @@ build_module(gh-5938-wrong-string-length gh-5938-wrong-string-length.c) build_module(gh-6024-funcs-return-bin gh-6024-funcs-return-bin.c) build_module(sql_uuid sql_uuid.c) build_module(decimal decimal.c) +build_module(gh-6157 gh-6157-unnecessary-free-on-string.c) diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg index 35754f769..f6f7752af 100644 --- a/test/sql-tap/engine.cfg +++ b/test/sql-tap/engine.cfg @@ -35,6 +35,7 @@ "built-in-functions.test.lua": { "memtx": {"engine": "memtx"} }, + "gh-6157-unnecessary-free-on-string.test.lua": {}, "gh-4077-iproto-execute-no-bind.test.lua": {}, "*": { "memtx": {"engine": "memtx"}, diff --git a/test/sql-tap/gh-6157-unnecessary-free-on-string.c b/test/sql-tap/gh-6157-unnecessary-free-on-string.c new file mode 100644 index 000000000..ce928d494 --- /dev/null +++ b/test/sql-tap/gh-6157-unnecessary-free-on-string.c @@ -0,0 +1,10 @@ +#include "msgpuck.h" +#include "module.h" + +int +f(box_function_ctx_t* ctx, const char* args, const char* args_end) +{ + char res[16]; + char *end = mp_encode_str(res, "stub", strlen("stub")); + return box_return_mp(ctx, res, end); +} diff --git a/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua b/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua new file mode 100755 index 000000000..326570aea --- /dev/null +++ b/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua @@ -0,0 +1,38 @@ +#!/usr/bin/env tarantool +local build_path = os.getenv("BUILDDIR") +package.cpath = build_path..'/test/sql-tap/?.so;'..build_path..'/test/sql-tap/?.dylib;'..package.cpath + +local test = require("sqltester") +test:plan(1) + +box.schema.func.create("gh-6157.f", { + language = "C", + param_list = {"string"}, + returns = "string", + exports = {"SQL"} +}) + +box.execute([[CREATE TABLE ts(s STRING PRIMARY KEY);]]) +box.execute([[INSERT INTO ts VALUES ('');]]) +box.execute([[CREATE TABLE ti(i INT PRIMARY KEY);]]) +for i = 1, 100 do + box.execute([[INSERT INTO ti VALUES(]]..i..[[);]]) +end + +test:do_execsql_test( + "gh-6157", + [[ + SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti; + SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti; + SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti; + SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti; + SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti; + ]], { + 100, "" + }) + +box.space._func.index['name']:delete("gh-6157.f") +box.execute([[DROP TABLE ts;]]) +box.execute([[DROP TABLE ti;]]) + +test:finish_test() -- 2.25.1