From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id A20176EC55;
	Thu, 26 Aug 2021 14:11:16 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org A20176EC55
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1629976276; bh=IIfxWda/ajmQxdUaB5WwMD+Hckiq46oYMXQqE/vso2I=;
	h=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From:Reply-To:From;
	b=Qj6lTeLSWZz/JeGJT7ztXOO73ISwMkWzYvuLgPzoZixfanC2lxx3dyWlMEpuSmLUj
	 QyqCChM61Cqqql7HFyN957I5HyyLhNM3CNmbEihsQFJ3/7Aa41yOlmiFoSWXo6U1go
	 nUJAPBEENAZYpZUY7AO2OEU6A/nnU0UCQ5W8czD8=
Received: from smtpng1.i.mail.ru (smtpng1.i.mail.ru [94.100.181.251])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id D77076EC55
 for <tarantool-patches@dev.tarantool.org>;
 Thu, 26 Aug 2021 14:11:15 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org D77076EC55
Received: by smtpng1.m.smailru.net with esmtpa (envelope-from
 <imeevma@tarantool.org>)
 id 1mJDHv-0004Lg-2H; Thu, 26 Aug 2021 14:11:15 +0300
To: v.shpilevoy@tarantool.org
Cc: tarantool-patches@dev.tarantool.org
Date: Thu, 26 Aug 2021 14:11:14 +0300
Message-Id: <ce439dcb79a57e9f825f09f3cb6c8859d86d7f5d.1629976249.git.imeevma@gmail.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-7564579A: B8F34718100C35BD
X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD9D5AC6413C25DCF08CC98B8FCC5CD86F3182A05F5380850400825B121EBE67FDF432F7AF73C5A30A45CDE27C393B31D67696F816B37F85D26
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE74B51810D54EC17F0C2099A533E45F2D0395957E7521B51C2CFCAF695D4D8E9FCEA1F7E6F0F101C6778DA827A17800CE7F095E3787A950C88EA1F7E6F0F101C6723150C8DA25C47586E58E00D9D99D84E1BDDB23E98D2D38BBCA57AF85F7723F27942C66B59C72DE198F1D135A5A092D7CC7F00164DA146DAFE8445B8C89999728AA50765F7900637F6B57BC7E64490618DEB871D839B7333395957E7521B51C2DFABB839C843B9C08941B15DA834481F8AA50765F790063783E00425F71A4181389733CBF5DBD5E9B5C8C57E37DE458B9E9CE733340B9D5F3BBE47FD9DD3FB595F5C1EE8F4F765FC72CEEB2601E22B093A03B725D353964B0B7D0EA88DDEDAC722CA9DD8327EE4930A3850AC1BE2E735444A83B712AC0148C4224003CC83647689D4C264860C145E
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975CD38A7E49931D2E1502F4C3E098A4C4BAF7A0FA08E9F4A48A9C2B6934AE262D3EE7EAB7254005DCEDFB29427B7C22B3881E0A4E2319210D9B64D260DF9561598F01A9E91200F654B0BDBC62CB1440F3B18E8E86DC7131B365E7726E8460B7C23C
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34E69981C39E7B068AA5661E7584832D19C3109BED89F918947E69F756405D364B090FD6AC470278801D7E09C32AA3244CA988AC7A90D21F91AB72828D3CFC226A3A92A9747B6CC886729B2BEF169E0186
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojXSF/Tsl6M2M9/6pz5x3T3w==
X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5DEDF227C6F24D3A3C9A865CF02F9166FB83D72C36FC87018B9F80AB2734326CD2FB559BB5D741EB96352A0ABBE4FDA4210A04DAD6CC59E33667EA787935ED9F1B
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH v1 1/1] sql: fix a segfault in hex() on
 receiving zeroblob
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Mergen Imeev via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: imeevma@tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

This patch fixes a segmentation fault when zeroblob is received by the
SQL built-in HEX() function.

Closes #6113
---
https://github.com/tarantool/tarantool/issues/6113
https://github.com/tarantool/tarantool/tree/imeevma/gh-6113-fix-hex-segfault-2.10

 .../gh-6113-fix-segfault-in-hex-func.md       |  5 ++
 src/box/sql/func.c                            | 80 ++++++++++---------
 test/sql-tap/engine.cfg                       |  1 +
 ...gh-6113-assert-in-hex-on-zeroblob.test.lua | 13 +++
 4 files changed, 63 insertions(+), 36 deletions(-)
 create mode 100644 changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
 create mode 100755 test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua

diff --git a/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
new file mode 100644
index 000000000..c59be4d96
--- /dev/null
+++ b/changelogs/unreleased/gh-6113-fix-segfault-in-hex-func.md
@@ -0,0 +1,5 @@
+## bugfix/sql
+
+* The HEX() SQL built-in function now does not throw an assert on receiving
+  varbinary values that consist of zero-bytes (gh-6113).
+
diff --git a/src/box/sql/func.c b/src/box/sql/func.c
index c063552d6..2ff368dc7 100644
--- a/src/box/sql/func.c
+++ b/src/box/sql/func.c
@@ -53,6 +53,49 @@
 static struct mh_strnptr_t *built_in_functions = NULL;
 static struct func_sql_builtin **functions;
 
+/** Array for converting from half-bytes into ASCII hex digits. */
+static const char hexdigits[] = {
+	'0', '1', '2', '3', '4', '5', '6', '7',
+	'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
+
+/** Implementation of the HEX() SQL built-in function. */
+static void
+func_hex(struct sql_context *ctx, int argc, struct Mem **argv)
+{
+	assert(argc == 1);
+	(void)argc;
+	if (argv[0]->type == MEM_TYPE_NULL)
+		return mem_set_null(ctx->pOut);
+
+	assert(argv[0]->type == MEM_TYPE_BIN && argv[0]->n >= 0);
+	assert((argv[0]->flags & MEM_Zero) == 0 || argv[0]->u.nZero >= 0);
+	uint32_t size = 2 * argv[0]->n;
+	if ((argv[0]->flags & MEM_Zero) != 0)
+		size += 2 * argv[0]->u.nZero;
+	if (size == 0)
+		return mem_set_str0_static(ctx->pOut, "");
+
+	char *str = sqlDbMallocRawNN(sql_get(), size);
+	if (str == NULL) {
+		ctx->is_aborted = true;
+		return;
+	}
+	for (int i = 0; i < argv[0]->n; ++i) {
+		char c = argv[0]->z[i];
+		str[2 * i] = hexdigits[(c >> 4) & 0xf];
+		str[2 * i + 1] = hexdigits[c & 0xf];
+	}
+	if ((argv[0]->flags & MEM_Zero) != 0) {
+		for (int i = 0; i < argv[0]->u.nZero; ++i) {
+			int j = argv[0]->n + i;
+			str[2 * j] = '0';
+			str[2 * j + 1] = '0';
+		}
+	}
+	mem_set_str_allocated(ctx->pOut, str, size);
+}
+
 static const unsigned char *
 mem_as_ustr(struct Mem *mem)
 {
@@ -1072,14 +1115,6 @@ sql_func_version(struct sql_context *context,
 	sql_result_text(context, tarantool_version(), -1, SQL_STATIC);
 }
 
-/* Array for converting from half-bytes (nybbles) into ASCII hex
- * digits.
- */
-static const char hexdigits[] = {
-	'0', '1', '2', '3', '4', '5', '6', '7',
-	'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
-};
-
 /*
  * Implementation of the QUOTE() function.  This function takes a single
  * argument.  If the argument is numeric, the return value is the same as
@@ -1233,33 +1268,6 @@ charFunc(sql_context * context, int argc, sql_value ** argv)
 	sql_result_text64(context, (char *)z, zOut - z, sql_free);
 }
 
-/*
- * The hex() function.  Interpret the argument as a blob.  Return
- * a hexadecimal rendering as text.
- */
-static void
-hexFunc(sql_context * context, int argc, sql_value ** argv)
-{
-	int i, n;
-	const unsigned char *pBlob;
-	char *zHex, *z;
-	assert(argc == 1);
-	UNUSED_PARAMETER(argc);
-	pBlob = mem_as_bin(argv[0]);
-	n = mem_len_unsafe(argv[0]);
-	assert(pBlob == mem_as_bin(argv[0]));	/* No encoding change */
-	z = zHex = contextMalloc(context, ((i64) n) * 2 + 1);
-	if (zHex) {
-		for (i = 0; i < n; i++, pBlob++) {
-			unsigned char c = *pBlob;
-			*(z++) = hexdigits[(c >> 4) & 0xf];
-			*(z++) = hexdigits[c & 0xf];
-		}
-		*z = 0;
-		sql_result_text(context, zHex, n * 2, sql_free);
-	}
-}
-
 /*
  * The zeroblob(N) function returns a zero-filled blob of size N bytes.
  */
@@ -2034,7 +2042,7 @@ static struct sql_func_definition definitions[] = {
 	{"GROUP_CONCAT", 2, {FIELD_TYPE_VARBINARY, FIELD_TYPE_VARBINARY},
 	 FIELD_TYPE_VARBINARY, groupConcatStep, groupConcatFinalize},
 
-	{"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, hexFunc, NULL},
+	{"HEX", 1, {FIELD_TYPE_VARBINARY}, FIELD_TYPE_STRING, func_hex, NULL},
 	{"IFNULL", 2, {FIELD_TYPE_ANY, FIELD_TYPE_ANY}, FIELD_TYPE_SCALAR,
 	 sql_builtin_stub, NULL},
 
diff --git a/test/sql-tap/engine.cfg b/test/sql-tap/engine.cfg
index 35754f769..664cfdd77 100644
--- a/test/sql-tap/engine.cfg
+++ b/test/sql-tap/engine.cfg
@@ -35,6 +35,7 @@
     "built-in-functions.test.lua": {
         "memtx": {"engine": "memtx"}
     },
+    "gh-6113-assert-in-hex-on-zeroblob.test.lua": {},
     "gh-4077-iproto-execute-no-bind.test.lua": {},
     "*": {
         "memtx": {"engine": "memtx"},
diff --git a/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
new file mode 100755
index 000000000..91a29a5b4
--- /dev/null
+++ b/test/sql-tap/gh-6113-assert-in-hex-on-zeroblob.test.lua
@@ -0,0 +1,13 @@
+#!/usr/bin/env tarantool
+local test = require("sqltester")
+test:plan(1)
+
+test:do_execsql_test(
+    "gh-6113",
+    [[
+        SELECT hex(zeroblob(0)), hex(zeroblob(10));
+    ]], {
+        '', '00000000000000000000'
+    })
+
+test:finish_test()
-- 
2.25.1