Message-ID: <819eff36-2d59-3328-e442-10703dbbda99@tarantool.org>
Date: Tue, 30 Nov 2021 23:02:40 +0100
From: Vladislav Shpilevoy via Tarantool-patches
Reply-To: Vladislav Shpilevoy
To: Mergen Imeev
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v1 1/2] sql: properly check bind variable names
In-Reply-To: <20211125083336.GA56448@tarantool.org>
References: <20211125083336.GA56448@tarantool.org>
List-Id: Tarantool development patches

Thanks for the fixes!

>>> diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c
>>> index eb169aeb8..74a98c550 100644
>>> --- a/src/box/sql/expr.c
>>> +++ b/src/box/sql/expr.c
>>> @@ -1314,6 +1314,52 @@ sqlExprAssignVarNumber(Parse * pParse, Expr * pExpr, u32 n)
>>> }
>>> }
>>>
>>> +struct Expr *
>>> +expr_variable(struct Parse *parse, struct Token *spec, struct Token *id)
>>
>> 1. You might want to call it expr_new_variable(). Or sql_expr_new_variable().
>> To be consistent with our naming policy for constructors allocating memory
>> and for consistency with sql_expr_new_column(), sql_expr_new(),
>> sql_expr_new_dequoted(), sql_expr_new_named(), sql_expr_new_anon().
>>
> Thank you! I renamed it to expr_new_variable(). I believe we should drop the 'sql_'
> prefix for functions that are only accessible in SQL.

It would work for static functions. But if a function is visible in other
modules as a symbol, then you would get a conflict during linking if we ever
introduce another 'struct expr' somewhere. Even if they do not intersect
anywhere in the code.

However I don't mind leaving it as is. It can be fixed later if ever needed.

See 5 comments below.

> diff --git a/src/box/sql/expr.c b/src/box/sql/expr.c
> index eb169aeb8..8ff01dd33 100644
> --- a/src/box/sql/expr.c
> +++ b/src/box/sql/expr.c
> @@ -1314,6 +1314,59 @@ sqlExprAssignVarNumber(Parse * pParse, Expr * pExpr, u32 n) > } > } > > +struct Expr * > +expr_new_variable(struct Parse *parse, const struct Token *spec, > + const struct Token *id) > +{ > + assert(spec != 0 && spec->n == 1); > + uint32_t len = 1; > + if (parse->parse_only) { > + diag_set(ClientError, ER_SQL_PARSER_GENERIC_WITH_POS, > + parse->line_count, parse->line_pos, > + "bindings are not allowed in DDL"); > + parse->is_aborted = true; > + return NULL; > + } > + if (id != NULL) { > + assert(spec->z[0] != '?'); > + if (id->z - spec->z != 1) { > + diag_set(ClientError, ER_SQL_UNKNOWN_TOKEN, > + parse->line_count, spec->z - parse->zTail + 1, > + spec->n, spec->z); > + parse->is_aborted = true; > + return NULL; > + } > + if (spec->z[0] == '#' && (id != NULL && sqlIsdigit(id->z[0]))) { 1. You already checked for 'id != NULL' several lines above. Also you don't need () around the second &&. > + diag_set(ClientError, ER_SQL_SYNTAX_NEAR_TOKEN, > + parse->line_count, spec->n, spec->z); > + parse->is_aborted = true; > + return NULL; > + } > + len += id->n; > + } > + struct Expr *expr = sqlDbMallocRawNN(parse->db, > + sizeof(*expr) + len + 1); 2. sql_expr_new_empty(). > + if (expr == NULL) { > + parse->is_aborted = true; > + return NULL; > + } > diff --git a/src/box/sql/parse.y b/src/box/sql/parse.y > index ee319d5ad..15f6223b0 100644 > --- a/src/box/sql/parse.y > +++ b/src/box/sql/parse.y 
> @@ -1019,20 +1010,16 @@ idlist(A) ::= nm(Y). { > p->flags = EP_Leaf; > p->iAgg = -1; > p->u.zToken = (char*)&p[1]; > - if (op != TK_VARIABLE) { > - int rc = sql_normalize_name(p->u.zToken, name_sz, t.z, t.n); > - if (rc > name_sz) { > - name_sz = rc; > - p = sqlDbReallocOrFree(pParse->db, p, sizeof(*p) + name_sz); > - if (p == NULL) > - goto tarantool_error; > - p->u.zToken = (char *) &p[1]; > - if (sql_normalize_name(p->u.zToken, name_sz, t.z, t.n) > name_sz) > - unreachable(); > + int rc = sql_normalize_name(p->u.zToken, name_sz, t.z, t.n); > + if (rc > name_sz) { > + name_sz = rc; > + p = sqlDbReallocOrFree(pParse->db, p, sizeof(*p) + name_sz); > + if (p == NULL) { > + sqlDbFree(pParse->db, p); 3. From the name sqlDbReallocOrFree() it looks like 'p' is already freed. Also it is NULL here anyway, what makes sqlDbFree() nop. > + pParse->is_aborted = true; 4. You will get a crash below, because p is NULL but you dereference it right afterwards. > } > - } else { > - memcpy(p->u.zToken, t.z, t.n); > - p->u.zToken[t.n] = 0; > + p->u.zToken = (char *) &p[1]; 5. Don't need whitespace after cast operator. > + sql_normalize_name(p->u.zToken, name_sz, t.z, t.n); > }
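Review bot: in the expr.c hunk, the opening `assert(spec != 0 && spec->n == 1)` of expr_new_variable() compares a pointer against the integer literal 0 while the same function writes `id != NULL` a few lines later; use `assert(spec != NULL && spec->n == 1)` for consistency. The `assert(spec->z[0] != '?')` inside the `if (id != NULL)` branch also encodes a caller contract (an anonymous `?` binding never carries an id) that is not stated anywhere in the hunk; a one-line comment above the assert would make that contract visible to the next person touching the parser.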
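Review bot: in the parse.y hunk, the return value of the second `sql_normalize_name(p->u.zToken, name_sz, t.z, t.n)` call at the end is now discarded, whereas the removed code guarded it with `if (sql_normalize_name(...) > name_sz) unreachable();`; keep that check so a mismatch between the two calls cannot silently truncate the token after `name_sz` has been grown to `rc`. The allocation-failure branch also drops the old `goto tarantool_error` without adding any other early exit, so setting `pParse->is_aborted = true` must be followed by a return or jump before `p->u.zToken` is assigned.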