From: Nikita Pettik
Subject: [tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode
Date: Wed, 20 Feb 2019 14:57:40 +0300
To: tarantool-patches@freelists.org
Cc: v.shpilevoy@tarantool.org, Nikita Pettik

Since the previous commit allows us to raise an error during msgpack decode inside VDBE, let's do this if the decoded integer is out of the [INT64_MIN, INT64_MAX] range and set the "integer is overflowed" diagnostic message.

Closes #3735
Workaround for #3810

--- src/box/sql/vdbe.c | 7 +++++-- src/box/sql/vdbeaux.c | 10 +++++----- test/sql/integer-overflow.result | 18 ++++++++++++++++++ test/sql/integer-overflow.test.lua | 8 ++++++++ 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/src/box/sql/vdbe.c b/src/box/sql/vdbe.c index d38f61774..dd3797fc0 100644 --- a/src/box/sql/vdbe.c +++ b/src/box/sql/vdbe.c 
@@ -2738,8 +2738,11 @@ case OP_Column: { sqlVdbeMemSetNull(pDest); } uint32_t unused; - vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]), - pDest, &unused); + if (vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]), + pDest, &unused) != 0) { + rc = SQL_TARANTOOL_ERROR; + goto abort_due_to_error; + } /* MsgPack map, array or extension (unsupported in sql). * Wrap it in a blob verbatim. */ diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c index ba9b96645..4df58f20c 100644 --- a/src/box/sql/vdbeaux.c +++ b/src/box/sql/vdbeaux.c @@ -3715,12 +3715,12 @@ vdbe_decode_msgpack_into_mem(const char *buf, struct Mem *mem, uint32_t *len) case MP_UINT: { uint64_t v = mp_decode_uint(&buf); if (v > INT64_MAX) { - mem->u.r = v; - mem->flags = MEM_Real; - } else { - mem->u.i = v; - mem->flags = MEM_Int; + diag_set(ClientError, ER_SQL_EXECUTE, + "integer is overflowed"); + return -1; } + mem->u.i = v; + mem->flags = MEM_Int; break; } case MP_INT: { diff --git a/test/sql/integer-overflow.result b/test/sql/integer-overflow.result index 762ebbf29..4754c046c 100644 --- a/test/sql/integer-overflow.result +++ b/test/sql/integer-overflow.result @@ -56,3 +56,21 @@ box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);') --- - error: 'Type mismatch: can not convert 9.22337203685478e+18 to integer' ... +-- gh-3810: make sure that if space contains integers in range +-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a +-- proper way, which now means that an error is raised. +-- +box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);') +--- +... +box.space.T:insert({9223372036854775809}) +--- +- [9223372036854775808] +... +box.sql.execute('SELECT * FROM t;') +--- +- error: 'Failed to execute SQL statement: integer is overflowed' +... +box.space.T:drop() +--- +... diff --git a/test/sql/integer-overflow.test.lua b/test/sql/integer-overflow.test.lua index ec7eb433e..45fc209fd 100644 --- a/test/sql/integer-overflow.test.lua 
+++ b/test/sql/integer-overflow.test.lua @@ -24,3 +24,11 @@ box.sql.execute('SELECT CAST(\'9223372036854775808\' AS INTEGER);') -- with error due to conversion = 8. -- box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);') +-- gh-3810: make sure that if space contains integers in range +-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a +-- proper way, which now means that an error is raised. +-- +box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);') +box.space.T:insert({9223372036854775809}) +box.sql.execute('SELECT * FROM t;') +box.space.T:drop() -- 2.15.1
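Review bot: In the OP_Column hunk of src/box/sql/vdbe.c, this is the only call site of vdbe_decode_msgpack_into_mem() that the patch updates, while the function can now return -1 with the destination Mem left unset. Please confirm that every other caller checks the return value the same way (`!= 0`, then `rc = SQL_TARANTOOL_ERROR; goto abort_due_to_error;`), otherwise a caller that ignores it will keep working with a Mem whose flags were never written by the decoder.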
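Review bot: In the MP_UINT branch of vdbe_decode_msgpack_into_mem() (src/box/sql/vdbeaux.c), `return -1` exits before `mem->u.i` and `mem->flags` are assigned, so on failure `mem` keeps whatever it held before the call. That is fine if callers abort, but the function comment should say that the function now returns -1 with the diag set and that `mem` is not modified in that case. The message "integer is overflowed" also carries neither the offending value nor the field, which makes it hard to locate the tuple that blocks a `SELECT`; consider including the decoded value `v` in the diagnostic.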
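Review bot: In the test/sql/integer-overflow.result hunk, the inserted literal and the stored tuple do not match: the test calls `box.space.T:insert({9223372036854775809})` but the recorded result is `- [9223372036854775808]`. That is consistent with the literal being rounded as a Lua double before it reaches the space, so the test does not insert the value it names. Writing the value as an unsigned 64-bit literal (for example `9223372036854775808ULL`) would make the inserted and expected values identical and keep the test independent of floating-point rounding.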
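Review bot: In the test/sql/integer-overflow.test.lua hunk, the comment gives the rejected range as `[INT64_MAX, UINT64_MAX]`, but the check in vdbeaux.c is `v > INT64_MAX`, so INT64_MAX itself is accepted; the comment should read (INT64_MAX, UINT64_MAX]. The test also exercises a single value just above the boundary. Adding a row with 9223372036854775807 that must still be returned by `SELECT * FROM t;`, and one with the maximum unsigned value that must fail, would pin both edges of the new check.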