From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounce@freelists.org>
Received: from localhost (localhost [127.0.0.1])
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 456EE30C2C
	for <tarantool-patches@freelists.org>; Thu,  6 Dec 2018 01:59:27 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
	by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id B8gThsYKUqHG for <tarantool-patches@freelists.org>;
	Thu,  6 Dec 2018 01:59:27 -0500 (EST)
Received: from smtpng3.m.smailru.net (smtpng3.m.smailru.net [94.100.177.149])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 9D05C30C2B
	for <tarantool-patches@freelists.org>; Thu,  6 Dec 2018 01:59:26 -0500 (EST)
Subject: [tarantool-patches] Re: [PATCH v1 1/1] sql: fix
 tarantoolSqlite3TupleColumnFast
References: <a2427513583b3c0e63f9e976babdf84fe6a9a6dd.1543945044.git.kshcherbatov@tarantool.org>
 <fe963156-9765-b353-e0ca-66e5669547f9@tarantool.org>
 <f46fd82c-e3ae-a4e6-454a-e59b633ba99c@tarantool.org>
 <f33a53d8-6e45-f31e-dc6c-e86860de5000@tarantool.org>
From: Kirill Shcherbatov <kshcherbatov@tarantool.org>
Message-ID: <df9114ba-663e-3065-8d99-c6f2a70f7577@tarantool.org>
Date: Thu, 6 Dec 2018 09:59:21 +0300
MIME-Version: 1.0
In-Reply-To: <f33a53d8-6e45-f31e-dc6c-e86860de5000@tarantool.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: tarantool-patches-bounce@freelists.org
Errors-to: tarantool-patches-bounce@freelists.org
Reply-To: tarantool-patches@freelists.org
List-help: <mailto:ecartis@freelists.org?Subject=help>
List-unsubscribe: <tarantool-patches-request@freelists.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: tarantool-patches <tarantool-patches.freelists.org>
List-subscribe: <tarantool-patches-request@freelists.org?Subject=subscribe>
List-owner: <mailto:>
List-post: <mailto:tarantool-patches@freelists.org>
List-archive: <http://www.freelists.org/archives/tarantool-patches>
To: tarantool-patches@freelists.org, Vladislav Shpilevoy <v.shpilevoy@tarantool.org>

Hi! Thank you for research, I've included your conclusions to
the commit message.


The tarantoolSqlite3TupleColumnFast routine used to lookup
offset_slot in unallocated memory in some cases.
The assert with exact_field_count same as motivation to change
old correct assert with field_count in 7a8de28 is not correct.
assert(format->exact_field_count == 0 ||
       fieldno < format->exact_field_count);
The tarantoolSqlite3TupleColumnFast routine requires offset_slot
that has been allocated during tuple_format_create call. This
value is stored in indexed field with index that limited with
index_field_count that is <= field_count. Look at
tuple_format_alloc for more details.

The format in cursor triggering valid assertion has such
structure because first 4 tuples in _space: 257, 272, 276 and
280 have an old format of _space with only one field
(format->field_count == 1).
It happens because these 4 tuples are recovered not after tuple
with id 280 which stores actual format of _space. After tuple
280 is recovered, an actual format is set in struct space of
_space and all next tuples have full featured formats.

So for these 4 tuples tarantoolSqlite3TupleColumnFast can fail
even if a field exists, is indexed and has a name. Those
features are just described in a newer format.
(thank Gerold103 for problem explanation)

Closes #3772