From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounce@freelists.org>
Received: from localhost (localhost [127.0.0.1])
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id C6C27217E4
	for <tarantool-patches@freelists.org>; Wed, 20 Feb 2019 06:57:46 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
	by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id PMSKaAjOOATo for <tarantool-patches@freelists.org>;
	Wed, 20 Feb 2019 06:57:46 -0500 (EST)
Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 360122145C
	for <tarantool-patches@freelists.org>; Wed, 20 Feb 2019 06:57:46 -0500 (EST)
From: Nikita Pettik <korablev@tarantool.org>
Subject: [tarantool-patches] [PATCH 4/4] sql: raise integer overflow error during msgpack decode
Date: Wed, 20 Feb 2019 14:57:40 +0300
Message-Id: <e1e06687950af311b6d69bdb581d7cbfb8cbaece.1550663540.git.korablev@tarantool.org>
In-Reply-To: <cover.1550663540.git.korablev@tarantool.org>
References: <cover.1550663540.git.korablev@tarantool.org>
In-Reply-To: <cover.1550663540.git.korablev@tarantool.org>
References: <cover.1550663540.git.korablev@tarantool.org>
Sender: tarantool-patches-bounce@freelists.org
Errors-to: tarantool-patches-bounce@freelists.org
Reply-To: tarantool-patches@freelists.org
List-help: <mailto:ecartis@freelists.org?Subject=help>
List-unsubscribe: <tarantool-patches-request@freelists.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-Id: tarantool-patches <tarantool-patches.freelists.org>
List-subscribe: <tarantool-patches-request@freelists.org?Subject=subscribe>
List-owner: <mailto:>
List-post: <mailto:tarantool-patches@freelists.org>
List-archive: <http://www.freelists.org/archives/tarantool-patches>
To: tarantool-patches@freelists.org
Cc: v.shpilevoy@tarantool.org, Nikita Pettik <korablev@tarantool.org>

Since previous commit allows us to raise an error during msgpack decode
inside VDBE, lets do this if decoded integer is out of
[INT64_MIN, INT64_MAX] range and set "integer is overflowed" diagnostic
message.

Closes #3735
Workaround for #3810
---
 src/box/sql/vdbe.c                 |  7 +++++--
 src/box/sql/vdbeaux.c              | 10 +++++-----
 test/sql/integer-overflow.result   | 18 ++++++++++++++++++
 test/sql/integer-overflow.test.lua |  8 ++++++++
 4 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/box/sql/vdbe.c b/src/box/sql/vdbe.c
index d38f61774..dd3797fc0 100644
--- a/src/box/sql/vdbe.c
+++ b/src/box/sql/vdbe.c
@@ -2738,8 +2738,11 @@ case OP_Column: {
 		sqlVdbeMemSetNull(pDest);
 	}
 	uint32_t unused;
-	vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
-				     pDest, &unused);
+	if (vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
+					 pDest, &unused) != 0) {
+		rc = SQL_TARANTOOL_ERROR;
+		goto abort_due_to_error;
+	}
 	/* MsgPack map, array or extension (unsupported in sql).
 	 * Wrap it in a blob verbatim.
 	 */
diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c
index ba9b96645..4df58f20c 100644
--- a/src/box/sql/vdbeaux.c
+++ b/src/box/sql/vdbeaux.c
@@ -3715,12 +3715,12 @@ vdbe_decode_msgpack_into_mem(const char *buf, struct Mem *mem, uint32_t *len)
 	case MP_UINT: {
 		uint64_t v = mp_decode_uint(&buf);
 		if (v > INT64_MAX) {
-			mem->u.r = v;
-			mem->flags = MEM_Real;
-		} else {
-			mem->u.i = v;
-			mem->flags = MEM_Int;
+			diag_set(ClientError, ER_SQL_EXECUTE,
+				 "integer is overflowed");
+			return -1;
 		}
+		mem->u.i = v;
+		mem->flags = MEM_Int;
 		break;
 	}
 	case MP_INT: {
diff --git a/test/sql/integer-overflow.result b/test/sql/integer-overflow.result
index 762ebbf29..4754c046c 100644
--- a/test/sql/integer-overflow.result
+++ b/test/sql/integer-overflow.result
@@ -56,3 +56,21 @@ box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
 ---
 - error: 'Type mismatch: can not convert 9.22337203685478e+18 to integer'
 ...
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+---
+...
+box.space.T:insert({9223372036854775809})
+---
+- [9223372036854775808]
+...
+box.sql.execute('SELECT * FROM t;')
+---
+- error: 'Failed to execute SQL statement: integer is overflowed'
+...
+box.space.T:drop()
+---
+...
diff --git a/test/sql/integer-overflow.test.lua b/test/sql/integer-overflow.test.lua
index ec7eb433e..45fc209fd 100644
--- a/test/sql/integer-overflow.test.lua
+++ b/test/sql/integer-overflow.test.lua
@@ -24,3 +24,11 @@ box.sql.execute('SELECT CAST(\'9223372036854775808\' AS INTEGER);')
 -- with error due to conversion = 8.
 --
 box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+box.space.T:insert({9223372036854775809})
+box.sql.execute('SELECT * FROM t;')
+box.space.T:drop()
-- 
2.15.1