From 821d495d730b53875618c8c908e4d4e0fdf4bee6 Mon Sep 17 00:00:00 2001
From: Nikita Pettik <korablev@tarantool.org>
Date: Wed, 20 Feb 2019 02:20:29 +0300
Subject: [PATCH] sql: raise integer overflow error during msgpack decode

Since previous commit allows us to raise an error during msgpack decode
inside VDBE, lets do this if decoded integer is out of
[INT64_MIN, INT64_MAX] range and set "integer is overflowed" diagnostic
message.

Closes #3735
Workaround for #3810
---
 src/box/sql/vdbe.c                 |  7 +++++--
 src/box/sql/vdbeaux.c              | 10 +++++-----
 test/sql/integer-overflow.result   | 18 ++++++++++++++++++
 test/sql/integer-overflow.test.lua |  8 ++++++++
 4 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/box/sql/vdbe.c b/src/box/sql/vdbe.c
index 8889bdce20..24d9ea4c80 100644
--- a/src/box/sql/vdbe.c
+++ b/src/box/sql/vdbe.c
@@ -2791,8 +2791,11 @@ case OP_Column: {
 		sqlVdbeMemSetNull(pDest);
 	}
 	uint32_t unused;
-	vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
-				     pDest, &unused);
+	if (vdbe_decode_msgpack_into_mem((const char *)(zData + aOffset[p2]),
+					 pDest, &unused) != 0) {
+		rc = SQL_TARANTOOL_ERROR;
+		goto abort_due_to_error;
+	}
 	/* MsgPack map, array or extension (unsupported in sql).
 	 * Wrap it in a blob verbatim.
 	 */
diff --git a/src/box/sql/vdbeaux.c b/src/box/sql/vdbeaux.c
index 2b3f3f40fb..e0f66ea1bc 100644
--- a/src/box/sql/vdbeaux.c
+++ b/src/box/sql/vdbeaux.c
@@ -3725,12 +3725,12 @@ vdbe_decode_msgpack_into_mem(const char *buf, struct Mem *mem, uint32_t *len)
 	case MP_UINT: {
 		uint64_t v = mp_decode_uint(&buf);
 		if (v > INT64_MAX) {
-			mem->u.r = v;
-			mem->flags = MEM_Real;
-		} else {
-			mem->u.i = v;
-			mem->flags = MEM_Int;
+			diag_set(ClientError, ER_SQL_EXECUTE,
+				 "integer is overflowed");
+			return -1;
 		}
+		mem->u.i = v;
+		mem->flags = MEM_Int;
 		break;
 	}
 	case MP_INT: {
diff --git a/test/sql/integer-overflow.result b/test/sql/integer-overflow.result
index 762ebbf29a..4754c046c7 100644
--- a/test/sql/integer-overflow.result
+++ b/test/sql/integer-overflow.result
@@ -56,3 +56,21 @@ box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
 ---
 - error: 'Type mismatch: can not convert 9.22337203685478e+18 to integer'
 ...
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+---
+...
+box.space.T:insert({9223372036854775809})
+---
+- [9223372036854775808]
+...
+box.sql.execute('SELECT * FROM t;')
+---
+- error: 'Failed to execute SQL statement: integer is overflowed'
+...
+box.space.T:drop()
+---
+...
diff --git a/test/sql/integer-overflow.test.lua b/test/sql/integer-overflow.test.lua
index ec7eb433ec..45fc209fd8 100644
--- a/test/sql/integer-overflow.test.lua
+++ b/test/sql/integer-overflow.test.lua
@@ -24,3 +24,11 @@ box.sql.execute('SELECT CAST(\'9223372036854775808\' AS INTEGER);')
 -- with error due to conversion = 8.
 --
 box.sql.execute('SELECT CAST(9223372036854775807.0 AS INTEGER);')
+-- gh-3810: make sure that if space contains integers in range
+-- [INT64_MAX, UINT64_MAX], they are handled inside SQL in a
+-- proper way, which now means that an error is raised.
+--
+box.sql.execute('CREATE TABLE t (id INT PRIMARY KEY);')
+box.space.T:insert({9223372036854775809})
+box.sql.execute('SELECT * FROM t;')
+box.space.T:drop()
-- 
GitLab