diff --git a/src/box/tuple.cc b/src/box/tuple.cc
index ce85c7850df3c1c89cfaf8a9588089226ca49dda..ee56448f957b2e19064b261d45cc39b243ce7e35 100644
--- a/src/box/tuple.cc
+++ b/src/box/tuple.cc
@@ -374,14 +374,24 @@ tuple_update(struct tuple_format *format,
 return new_tuple;
 }
 
+static inline void
+tuple_verify_data(const char **begin, const char *end, uint32_t field_count)
+{
+ while (*begin < end && field_count-- > 0) {
+ size_t len = load_varint32(begin);
+ *begin += len;
+ }
+ if (field_count > 0 || *begin != end)
+ tnt_raise(IllegalParams, "during verifying tuple: incorrect tuple format");
+}
+
 struct tuple *
 tuple_new(struct tuple_format *format, uint32_t field_count,
 const char **data, const char *end)
 {
 size_t tuple_len = end - *data;
 
- if (tuple_len != tuple_range_size(data, end, field_count))
- tnt_raise(IllegalParams, "tuple_new(): incorrect tuple format");
+ tuple_verify_data(data, end, field_count);
 
 struct tuple *new_tuple = tuple_alloc(format, tuple_len);
 new_tuple->field_count = field_count;
diff --git a/src/box/tuple.h b/src/box/tuple.h
index f317bfcc666fc0fc5b6cc7922204826556148561..0d298a7597d7387614b67ce38a490ab10dc80c8f 100644
--- a/src/box/tuple.h
+++ b/src/box/tuple.h
@@ -306,17 +306,6 @@ static inline size_t tuple_len(struct tuple *tuple)
 sizeof(tuple->field_count);
 }
 
-static inline size_t
-tuple_range_size(const char **begin, const char *end, uint32_t count)
-{
- const char *start = *begin;
- while (*begin < end && count-- > 0) {
- size_t len = load_varint32(begin);
- *begin += len;
- }
- return *begin - start;
-}
-
 void tuple_free(struct tuple *tuple);
 
 /**
diff --git a/test/box/lua.result b/test/box/lua.result
index 67f9e68bc5c7191d02c53109bff6fd99e8a60b35..738f72ec21f86972fe9bd00298554114d94cc763 100644
--- a/test/box/lua.result
+++ b/test/box/lua.result
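Review bot: In `tuple_verify_data` (src/box/tuple.cc), `*begin += len` moves the cursor by a length decoded from the request before anything compares it with the bytes that remain. An oversized field length therefore pushes `*begin` past `end`, which is undefined pointer arithmetic; where the addition wraps, the cursor can land below `end` again and the loop keeps decoding outside the buffer instead of reaching the final `*begin != end` check. Reject inside the loop before advancing: `if (len > (size_t)(end - *begin)) tnt_raise(IllegalParams, "during verifying tuple: incorrect tuple format");`. `load_varint32` is not shown in this diff, so it is worth confirming that it cannot read past `end` when the buffer stops in the middle of a varint. `tuple_new` continues outside the hunk.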
@@ -237,6 +237,10 @@ lua function f1() return f1 end
 ...
 call f1()
 An error occurred: ER_PROC_RET, 'Return type 'function' is not supported in the binary protocol'
+lua box.process(13, box.pack('iiippp', 0, 0, 99999, 99999, 'wrong', 'tuple'))
+---
+error: 'Illegal parameters, during verifying tuple: incorrect tuple format'
+...
 insert into t0 values (1, 'test box delete')
 Insert OK, 1 row affected
 call box.delete('0', '���')
diff --git a/test/box/lua.test b/test/box/lua.test
index df33d12b8e9be4ec4987b854bdc960bb7260c78b..1216a89391b234ee1c6f14b74d7376b3858e0a76 100644
--- a/test/box/lua.test
+++ b/test/box/lua.test
@@ -63,6 +63,9 @@ exec sql "call f1()"
 exec admin "lua function f1() return f1 end"
 exec sql "call f1()"
 
+# Test case for gh-140, crash with wrong box.process(..) call
+exec admin "lua box.process(13, box.pack('iiippp', 0, 0, 99999, 99999, 'wrong', 'tuple'))"
+
 exec sql "insert into t0 values (1, 'test box delete')"
 exec sql "call box.delete('0', '\1\0\0\0')"
 exec sql "call box.delete('0', '\1\0\0\0')"
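Review bot: The gh-140 case added to test/box/lua.test pins only one of the two rejection paths in `tuple_verify_data`. Judging by the format string, the request declares 99999 fields and packs three, which exercises the `field_count > 0` branch. The comment does not say what is malformed about the call; `# gh-140: declared field count exceeds the fields actually packed; must be rejected, not crash` would make the intent readable. A companion case in which the packed data does not end exactly at the tuple boundary would cover the `*begin != end` branch as well.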