[tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode

Tarantool development patches archive
 help / color / mirror / Atom feed

From: Nikita Pettik <korablev@tarantool.org>
To: tarantool-patches@freelists.org
Cc: v.shpilevoy@tarantool.org, Nikita Pettik <korablev@tarantool.org>
Subject: [tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode
Date: Wed, 20 Feb 2019 14:57:40 +0300	[thread overview]
Message-ID: <e1e06687950af311b6d69bdb581d7cbfb8cbaece.1550663540.git.korablev@tarantool.org> (raw)
In-Reply-To: <cover.1550663540.git.korablev@tarantool.org>
In-Reply-To: <cover.1550663540.git.korablev@tarantool.org>

Since previous commit allows us to raise an error during msgpack decode
inside VDBE, lets do this if decoded integer is out of
[INT64_MIN, INT64_MAX] range and set "integer is overflowed" diagnostic
message.

Closes #3735
Workaround for #3810
---
 src/box/sql/vdbe.c                 |  7 +++++--
 src/box/sql/vdbeaux.c              | 10 +++++-----
 test/sql/integer-overflow.result   | 18 ++++++++++++++++++
 test/sql/integer-overflow.test.lua |  8 ++++++++
 4 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/box/sql/vdbe.c b/src/box/sql/vdbe.c
index d38f61774..dd3797fc0 100644
--- a/src/box/sql/vdbe.c
+++ b/src/box/sql/vdbe.c
@@ -2738,8 +2738,11 @@ case OP_Column: {
 		sqlVdbeMemSetNull(pDest);
 	}
 	uint32_t unused;
-	vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
-				     pDest, &unused);
+	if (vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
+					 pDest, &unused) != 0) {
+		rc = SQL_TARANTOOL_ERROR;
+		goto abort_due_to_error;
+	}
 	/* MsgPack map, array or extension (unsupported in sql).
 	 * Wrap it in a blob verbatim.
 	 */
diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c
index ba9b96645..4df58f20c 100644
--- a/src/box/sql/vdbeaux.c
+++ b/src/box/sql/vdbeaux.c
@@ -3715,12 +3715,12 @@ vdbe_decode_msgpack_into_mem(const char *buf, struct Mem *mem, uint32_t *len)
 	case MP_UINT: {
 		uint64_t v = mp_decode_uint(&buf);
 		if (v > INT64_MAX) {
-			mem->u.r = v;
-			mem->flags = MEM_Real;
-		} else {
-			mem->u.i = v;
-			mem->flags = MEM_Int;
+			diag_set(ClientError, ER_SQL_EXECUTE,
+				 "integer is overflowed");
+			return -1;
 		}
+		mem->u.i = v;
+		mem->flags = MEM_Int;
 		break;
 	}
 	case MP_INT: {
diff --git a/test/sql/integer-overflow.result b/test/sql/integer-overflow.result
index 762ebbf29..4754c046c 100644
--- a/test/sql/integer-overflow.result
+++ b/test/sql/integer-overflow.result
@@ -56,3 +56,21 @@ box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
 ---
 - error: 'Type mismatch: can not convert 9.22337203685478e+18 to integer'
 ...
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+---
+...
+box.space.T:insert({9223372036854775809})
+---
+- [9223372036854775808]
+...
+box.sql.execute('SELECT * FROM t;')
+---
+- error: 'Failed to execute SQL statement: integer is overflowed'
+...
+box.space.T:drop()
+---
+...
diff --git a/test/sql/integer-overflow.test.lua b/test/sql/integer-overflow.test.lua
index ec7eb433e..45fc209fd 100644
--- a/test/sql/integer-overflow.test.lua
+++ b/test/sql/integer-overflow.test.lua
@@ -24,3 +24,11 @@ box.sql.execute('SELECT CAST(\'9223372036854775808\' AS INTEGER);')
 -- with error due to conversion = 8.
 --
 box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+box.space.T:insert({9223372036854775809})
+box.sql.execute('SELECT * FROM t;')
+box.space.T:drop()
-- 
2.15.1

next prev parent reply	other threads:[~2019-02-20 11:57 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-20 11:57 [tarantool-patches] [PATCH 0/4] Fix integer overflow behaviour during VDBE execution Nikita Pettik
2019-02-20 11:57 ` [tarantool-patches] [PATCH 1/4] sql: raise an error if int is overflowed during math operations Nikita Pettik
2019-02-20 11:57 ` [tarantool-patches] [PATCH 2/4] sql: raise an integer overflow error during CAST Nikita Pettik
2019-02-20 11:57 ` [tarantool-patches] [PATCH 3/4] sql: refactor sqlVdbeMsgpackGet() Nikita Pettik
2019-02-20 11:57 ` Nikita Pettik [this message]
2019-02-20 18:25   ` [tarantool-patches] Re: [PATCH 4/4] sql: raise integer overflow error during msgpack decode Konstantin Osipov
2019-02-20 18:39     ` n.pettik
2019-02-20 18:46       ` Konstantin Osipov
2019-02-22 18:30 ` [tarantool-patches] Re: [PATCH 0/4] Fix integer overflow behaviour during VDBE execution Vladislav Shpilevoy
2019-02-25 11:58 ` Kirill Yukhin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e1e06687950af311b6d69bdb581d7cbfb8cbaece.1550663540.git.korablev@tarantool.org \
    --to=korablev@tarantool.org \
    --cc=tarantool-patches@freelists.org \
    --cc=v.shpilevoy@tarantool.org \
    --subject='Re: [tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox