From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: Nikita Pettik <korablev@tarantool.org>, tarantool-patches@freelists.org
Subject: [tarantool-patches] Re: [PATCH] sql: decrease max depth of expression AST
Date: Wed, 12 Dec 2018 16:34:05 +0300 [thread overview]
Message-ID: <aeb07c4d-6142-3a45-22ae-7a73d4adb39c@tarantool.org> (raw)
In-Reply-To: <20181211230308.85893-1-korablev@tarantool.org>
LGTM.
On 12/12/2018 02:03, Nikita Pettik wrote:
> Currently, all routines connected with expression AST processing rely on
> recursive approaches. On the other hand, SQL is executed in a standard
> fiber, which features only 64kb of stack memory. Hence, deep recursion
> can result in stack overflow. To avoid obvious overflows lets
> significantly restrict allowed depth of expression AST. Note that it is
> not radical solution to this problem but rather temporary fix.
>
> Workaround for #3861
> ---
> Branch: https://github.com/tarantool/tarantool/tree/np/gh-3861-reduce-expr-AST-depth
> Issue: https://github.com/tarantool/tarantool/issues/3861
>
> src/box/sql/sqliteLimit.h | 2 +-
> test/sql-tap/where7.test.lua | 32 ++++++++++++++++++++++----------
> 2 files changed, 23 insertions(+), 11 deletions(-)
>
> diff --git a/src/box/sql/sqliteLimit.h b/src/box/sql/sqliteLimit.h
> index 3b474ed9f..e7d1b63c2 100644
> --- a/src/box/sql/sqliteLimit.h
> +++ b/src/box/sql/sqliteLimit.h
> @@ -106,7 +106,7 @@ enum {
> * at all times.
> */
> #ifndef SQLITE_MAX_EXPR_DEPTH
> -#define SQLITE_MAX_EXPR_DEPTH 1000
> +#define SQLITE_MAX_EXPR_DEPTH 200
> #endif
>
> /*
> diff --git a/test/sql-tap/where7.test.lua b/test/sql-tap/where7.test.lua
> index 09cbe53d1..d5f389347 100755
> --- a/test/sql-tap/where7.test.lua
> +++ b/test/sql-tap/where7.test.lua
> @@ -1,6 +1,6 @@
> #!/usr/bin/env tarantool
> test = require("sqltester")
> -test:plan(2022)
> +test:plan(2023)
>
> --!./tcltestrunner.lua
> -- 2008 December 23
> @@ -230,14 +230,14 @@ test:do_test(
> "where7-1.20",
> function()
> sql = "SELECT a FROM t1 WHERE a=11 OR b=11"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR a=%s OR b=%s", i, i)
> end
> sql = sql .. " ORDER BY a"
> return count_steps(sql)
> end, {
> -- <where7-1.20>
> -
> +
> -- </where7-1.20>
> })
>
> @@ -245,7 +245,7 @@ test:do_test(
> "where7-1.21",
> function()
> sql = "SELECT a FROM t1 WHERE b=11 OR c=11"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR b=%s OR c=%s", i, i)
> end
> sql = sql .. " ORDER BY a"
> @@ -260,7 +260,7 @@ test:do_test(
> "where7-1.22",
> function()
> sql = "SELECT a FROM t1 WHERE (b=11 OR c=11"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR b=%s OR c=%s", i, i)
> end
> sql = sql .. ") AND d>=0 AND d<9999 ORDER BY a"
> @@ -275,7 +275,7 @@ test:do_test(
> "where7-1.23",
> function()
> sql = "SELECT a FROM t1 WHERE (b=11 OR c=11"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR (b=%s AND d!=0) OR (c=%s AND d IS NOT NULL)", i, i)
> end
> sql = sql .. ") AND d>=0 AND d<9999 ORDER BY a"
> @@ -290,14 +290,14 @@ test:do_test(
> "where7-1.31",
> function()
> sql = "SELECT a FROM t1 WHERE (a=11 AND b=11)"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR (a=%s AND b=%s)", i, i)
> end
> sql = sql .. " ORDER BY a"
> return count_steps(sql)
> end, {
> -- <where7-1.31>
> -
> +
> -- </where7-1.31>
> })
>
> @@ -305,17 +305,29 @@ test:do_test(
> "where7-1.32",
> function()
> sql = "SELECT a FROM t1 WHERE (b=11 AND c=11)"
> - for i = 12, 400 - 1, 1 do
> + for i = 12, 100 do
> sql = sql .. string.format(" OR (b=%s AND c=%s)", i, i)
> end
> sql = sql .. " ORDER BY a"
> return count_steps(sql)
> end, {
> -- <where7-1.32>
> -
> +
> -- </where7-1.32>
> })
>
> +test:do_test(
> + "where7-AST-depth-limit",
> + function()
> + sql = "SELECT a FROM t1 WHERE a = 0"
> + for i = 1, 199 do
> + sql = sql .. string.format(" OR a = %s", i)
> + end
> + return test:catchsql(sql)
> + end, {
> + 1, "Expression tree is too large (maximum depth 200)"
> + })
> +
> test:do_test(
> "where7-2.1",
> function()
>
prev parent reply other threads:[~2018-12-12 13:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-11 23:03 [tarantool-patches] " Nikita Pettik
2018-12-12 13:34 ` Vladislav Shpilevoy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeb07c4d-6142-3a45-22ae-7a73d4adb39c@tarantool.org \
--to=v.shpilevoy@tarantool.org \
--cc=korablev@tarantool.org \
--cc=tarantool-patches@freelists.org \
--subject='[tarantool-patches] Re: [PATCH] sql: decrease max depth of expression AST' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox