From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 711636EC55;
	Thu, 26 Aug 2021 14:09:35 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 711636EC55
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1629976175; bh=XaDMdDQIm0RRDBKbPAR5PmhPgunymxQ3NRnbyjEiH3A=;
	h=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From:Reply-To:From;
	b=BFDkcKH8Z080lUMEAUaDNjsUdH110K+Bvq7nhMWXBdKJ86tRMVe36Z3uTCpwawYhX
	 8iyl4BB9bm8bPzjfxlF6sTHVTPT/hzlyPJnT/eG01U3FjoZZdVktg1zV7/TKaAwlSM
	 qUkThxENfKQQiZr/0O39Eq2IWhutlIHFRIc/n6I8=
Received: from smtpng1.i.mail.ru (smtpng1.i.mail.ru [94.100.181.251])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 5C0A66EC55
 for <tarantool-patches@dev.tarantool.org>;
 Thu, 26 Aug 2021 14:09:34 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 5C0A66EC55
Received: by smtpng1.m.smailru.net with esmtpa (envelope-from
 <imeevma@tarantool.org>)
 id 1mJDGH-0003P7-IH; Thu, 26 Aug 2021 14:09:33 +0300
To: v.shpilevoy@tarantool.org
Cc: tarantool-patches@dev.tarantool.org
Date: Thu, 26 Aug 2021 14:09:33 +0300
Message-Id: <7c4620245d61624883115541490cd94d10626c00.1629976113.git.imeevma@gmail.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-7564579A: 646B95376F6C166E
X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD91BCCB18F2C129F87F36E61E9E4584E9D182A05F5380850409788ED4651B8F1741004D216A5CA40AE5CDE27C393B31D67CDD60FD9CA3B3C66
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7624C4D757C4F5837EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F79006373BFF7CCD9F2968778638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D84E3A9ED3601B89341533EB9A3E4BC322117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC2EE5AD8F952D28FBA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352033AC447995A7AD18C26CFBAC0749D213D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6300D3B61E77C8D3B089D37D7C0E48F6C5571747095F342E88FB05168BE4CE3AF
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975CD38A7E49931D2E153298A908304A0AE94B706BA6249854EE9C2B6934AE262D3EE7EAB7254005DCED60723831D8DB72261E0A4E2319210D9B64D260DF9561598F01A9E91200F654B0F5DD670F6F5D62878E8E86DC7131B365E7726E8460B7C23C
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34060C3C6DE316ECE4B7ED2F7252BA57B7BB2097C63D251C663F4A33B7D0923C04AED8CEAA988A66641D7E09C32AA3244C5204E9D2B1DCFE3C0AD83C81282347C43A92A9747B6CC886729B2BEF169E0186
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojXSF/Tsl6M2OupSCKIYK0Lw==
X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5DA90E04E683BA91D987E99680FC46499A83D72C36FC87018B9F80AB2734326CD2FB559BB5D741EB96352A0ABBE4FDA4210A04DAD6CC59E33667EA787935ED9F1B
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH v1 1/1] sql: fix error on copy empty
 string in mem_copy()
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: imeevma@tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

This patch fixes the problem with copying an empty string in mem_copy().
Previously, because the string length was 0, an error was thrown, but
the diag was not set, which could lead to an error due to an empty diag
or to a double free.

Closes #6157
---
https://github.com/tarantool/tarantool/issues/6157
https://github.com/tarantool/tarantool/tree/imeevma/gh-6157-fix-error-on-empty-str

 .../gh-6157-fix-error-on-copy-empty-str.md    |  5 +++
 src/box/sql/mem.c                             |  3 +-
 test/sql-tap/CMakeLists.txt                   |  1 +
 test/sql-tap/engine.cfg                       |  1 +
 .../gh-6157-unnecessary-free-on-string.c      | 10 +++++
 ...h-6157-unnecessary-free-on-string.test.lua | 38 +++++++++++++++++++
 6 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md
 create mode 100644 test/sql-tap/gh-6157-unnecessary-free-on-string.c
 create mode 100755 test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua

diff --git a/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md b/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md
new file mode 100644
index 000000000..e5f747414
--- /dev/null
+++ b/changelogs/unreleased/gh-6157-fix-error-on-copy-empty-str.md
@@ -0,0 +1,5 @@
+## bugfix/sql
+
+* Now, when copying an empty string, an error will not be set
+  unnecessarily (gh-6157).
+
diff --git a/src/box/sql/mem.c b/src/box/sql/mem.c
index 0aca76112..c91fc8396 100644
--- a/src/box/sql/mem.c
+++ b/src/box/sql/mem.c
@@ -1913,7 +1913,8 @@ mem_copy(struct Mem *to, const struct Mem *from)
 	assert((to->flags & MEM_Zero) == 0 || to->type == MEM_TYPE_BIN);
 	if ((to->flags & MEM_Zero) != 0)
 		return sqlVdbeMemExpandBlob(to);
-	to->zMalloc = sqlDbReallocOrFree(to->db, to->zMalloc, to->n);
+	to->zMalloc = sqlDbRealloc(to->db, to->zMalloc, MAX(32, to->n));
+	assert(to->zMalloc != NULL || sql_get()->mallocFailed != 0);
 	if (to->zMalloc == NULL)
 		return -1;
 	to->szMalloc = sqlDbMallocSize(to->db, to->zMalloc);
diff --git a/test/sql-tap/CMakeLists.txt b/test/sql-tap/CMakeLists.txt
index 87f23b2f7..2e215032b 100644
--- a/test/sql-tap/CMakeLists.txt
+++ b/test/sql-tap/CMakeLists.txt
@@ -3,3 +3,4 @@ build_module(gh-5938-wrong-string-length gh-5938-wrong-string-length.c)
 build_module(gh-6024-funcs-return-bin gh-6024-funcs-return-bin.c)
 build_module(sql_uuid sql_uuid.c)
 build_module(decimal decimal.c)
+build_module(gh-6157 gh-6157-unnecessary-free-on-string.c)
diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg
index 35754f769..f6f7752af 100644
--- a/test/sql-tap/engine.cfg
+++ b/test/sql-tap/engine.cfg
@@ -35,6 +35,7 @@
     "built-in-functions.test.lua": {
         "memtx": {"engine": "memtx"}
     },
+    "gh-6157-unnecessary-free-on-string.test.lua": {},
     "gh-4077-iproto-execute-no-bind.test.lua": {},
     "*": {
         "memtx": {"engine": "memtx"},
diff --git a/test/sql-tap/gh-6157-unnecessary-free-on-string.c b/test/sql-tap/gh-6157-unnecessary-free-on-string.c
new file mode 100644
index 000000000..ce928d494
--- /dev/null
+++ b/test/sql-tap/gh-6157-unnecessary-free-on-string.c
@@ -0,0 +1,10 @@
+#include "msgpuck.h"
+#include "module.h"
+
+int
+f(box_function_ctx_t* ctx, const char* args, const char* args_end)
+{
+	char res[16];
+	char *end = mp_encode_str(res, "stub", strlen("stub"));
+	return box_return_mp(ctx, res, end);
+}
diff --git a/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua b/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua
new file mode 100755
index 000000000..326570aea
--- /dev/null
+++ b/test/sql-tap/gh-6157-unnecessary-free-on-string.test.lua
@@ -0,0 +1,38 @@
+#!/usr/bin/env tarantool
+local build_path = os.getenv("BUILDDIR")
+package.cpath = build_path..'/test/sql-tap/?.so;'..build_path..'/test/sql-tap/?.dylib;'..package.cpath
+
+local test = require("sqltester")
+test:plan(1)
+
+box.schema.func.create("gh-6157.f", {
+    language = "C",
+    param_list = {"string"},
+    returns = "string",
+    exports = {"SQL"}
+})
+
+box.execute([[CREATE TABLE ts(s STRING PRIMARY KEY);]])
+box.execute([[INSERT INTO ts VALUES ('');]])
+box.execute([[CREATE TABLE ti(i INT PRIMARY KEY);]])
+for i = 1, 100 do
+    box.execute([[INSERT INTO ti VALUES(]]..i..[[);]])
+end
+
+test:do_execsql_test(
+    "gh-6157",
+    [[
+        SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti;
+        SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti;
+        SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti;
+        SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti;
+        SELECT COUNT("gh-6157.f"('')), (SELECT s FROM ts WHERE s = '') FROM ti;
+    ]], {
+        100, ""
+    })
+
+box.space._func.index['name']:delete("gh-6157.f")
+box.execute([[DROP TABLE ts;]])
+box.execute([[DROP TABLE ti;]])
+
+test:finish_test()
-- 
2.25.1