Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: fix NULL dereference in where.c #8259

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

sql: fix NULL dereference in where.c #8259

wants to merge 1 commit into from

Conversation

Lord-KA
Copy link
Contributor

@Lord-KA Lord-KA commented Feb 6, 2023

There was a ambitious pointer deref in where_loop_builder_shortcut(), that wasn't visible due to dead code.

Removed the dead code and added assert before dereference.

NO_TEST=refactoring
NO_DOC=refactoring
NO_CHANGELOG=refactoring

@Lord-KA Lord-KA requested a review from ImeevMA February 6, 2023 10:15
@Lord-KA
sql: fix NULL dereference in where.c
38394d7 
There was a ambitious pointer deref in where_loop_builder_shortcut(),
that wasn't visible due to dead code.

Remove the dead code and add assert before dereference.

NO_TEST=refactoring
NO_DOC=refactoring
NO_CHANGELOG=refactoring
@Lord-KA Lord-KA force-pushed the Lord-KA/gh-50-deref-after-null branch from 93310fe to 38394d7 Compare February 6, 2023 10:25
@coveralls
Copy link

coveralls commented Feb 6, 2023
edited

Coverage Status

Coverage: 85.488% (+0.001%) from 85.486% when pulling 38394d7 on Lord-KA:Lord-KA/gh-50-deref-after-null into d317960
on tarantool:master.

ImeevMA
ImeevMA requested changes Feb 8, 2023
View reviewed changes
Copy link
Collaborator

@ImeevMA ImeevMA left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi! Thank you for the patch! I have a few comments below. Also, I think the current commit title is not appropriate as fix assumes the bug will be fixed, which is definitely not a refactoring. Also, I think the code became dead due to an error, so it might be better to restore it instead of removing.

src/box/sql/where.c
assert(space->def != NULL);
for (uint32_t i = 0; i < space->index_count; ++i) {
struct index_def *idx_def =
space->index[i]->def;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you need a new line here?

src/box/sql/where.c
continue;
if (where_loop_assign_terms(loop, clause,
cursor, space->def,
idx_def) == 0)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can use two lines instead of three.

src/box/sql/where.c
}
} else {
/* Space is ephemeral. */
assert(space_def->id == 0);
Copy link
Collaborator

@ImeevMA ImeevMA Feb 8, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line looks rather strange. I looked at earlier commits and found that space was first obtained using space_cache_find() which would return NULL for ephemeral spaces. This was later changed to the current version, however the new version does not properly check space for being ephemeral. So most likely the code is not working as intended. I think a more appropriate solution would be to check if the space->def->id is 0 instead of a space! = NULL. However, all the mentioned changes happened 5 years ago, so it is entirely possible that the original design will not be applicable. It should probably be investigated.

@ImeevMA ImeevMA assigned Lord-KA and unassigned ImeevMA Feb 8, 2023
@Lord-KA Lord-KA marked this pull request as draft March 6, 2023 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ImeevMA ImeevMA ImeevMA requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@Lord-KA Lord-KA

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Lord-KA @coveralls @ImeevMA