hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[CP] fix: core dump cause by properties_name buffer use after free

Browse Source
This commit is contained in:
obdev
2024-02-08 14:57:04 +00:00
committed by ob-robot
parent 2e200bc613
commit 08e3d827d3
4 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/observer/table/ob_table_query_common.cpp
View File

@ -68,8 +68,8 @@ int ObTableQueryUtils::generate_query_result_iterator(ObIAllocator &allocator,
bool has_filter = (query.get_htable_filter().is_valid() || query.get_filter_string().length() > 0); bool has_filter = (query.get_htable_filter().is_valid() || query.get_filter_string().length() > 0);
const ObString &kv_attributes = tb_ctx.get_table_schema()->get_kv_attributes(); const ObString &kv_attributes = tb_ctx.get_table_schema()->get_kv_attributes();
if (OB_FAIL(one_result.assign_property_names(tb_ctx.get_query_col_names()))) { if (OB_FAIL(one_result.deep_copy_property_names(tb_ctx.get_query_col_names()))) {
LOG_WARN("fail to assign property names to one result", K(ret), K(tb_ctx)); LOG_WARN("fail to deep copy property names to one result", K(ret), K(tb_ctx));
} else if (has_filter) { } else if (has_filter) {
if (is_hkv) { if (is_hkv) {
ObHTableFilterOperator *htable_result_iter = nullptr; ObHTableFilterOperator *htable_result_iter = nullptr;

2
src/observer/table/ob_table_query_sync_processor.cpp
View File

@ -542,7 +542,7 @@ int ObTableQuerySyncP::query_scan_without_init()
if (OB_ISNULL(result_iter)) { if (OB_ISNULL(result_iter)) {
ret = OB_ERR_NULL_VALUE; ret = OB_ERR_NULL_VALUE;
LOG_WARN("unexpected null result iterator", K(ret)); LOG_WARN("unexpected null result iterator", K(ret));
} else if (OB_FAIL(result_.assign_property_names(tb_ctx.get_query_col_names()))) { } else if (OB_FAIL(result_.deep_copy_property_names(tb_ctx.get_query_col_names()))) {
LOG_WARN("fail to assign property names to one result", K(ret), K(tb_ctx)); LOG_WARN("fail to assign property names to one result", K(ret), K(tb_ctx));
} else { } else {
ObTableQueryResult *query_result = nullptr; ObTableQueryResult *query_result = nullptr;

6
src/share/table/ob_table.cpp
View File

@ -1313,7 +1313,8 @@ OB_SERIALIZE_MEMBER_IF(ObHTableFilter,
//////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////
ObTableQueryResult::ObTableQueryResult() ObTableQueryResult::ObTableQueryResult()
:row_count_(0), :row_count_(0),
allocator_(ObModIds::TABLE_PROC), allocator_(ObModIds::TABLE_PROC, OB_MALLOC_NORMAL_BLOCK_SIZE, MTL_ID()),
prop_name_allocator_(ObModIds::TABLE_PROC, OB_MALLOC_NORMAL_BLOCK_SIZE, MTL_ID()),
fixed_result_size_(0), fixed_result_size_(0),
curr_idx_(0) curr_idx_(0)
{ {
@ -1333,6 +1334,7 @@ void ObTableQueryResult::reset()
{ {
properties_names_.reset(); properties_names_.reset();
reset_except_property(); reset_except_property();
prop_name_allocator_.reset();
} }
void ObTableQueryResult::rewind() void ObTableQueryResult::rewind()
@ -1415,7 +1417,7 @@ int ObTableQueryResult::deep_copy_property_names(const ObIArray<ObString> &other
} }
for (int64_t i = 0; OB_SUCC(ret) && i < other.count(); i++) { for (int64_t i = 0; OB_SUCC(ret) && i < other.count(); i++) {
if (OB_FAIL(ob_write_string(allocator_, other.at(i), properties_names_.at(i)))) { if (OB_FAIL(ob_write_string(prop_name_allocator_, other.at(i), properties_names_.at(i)))) {
LOG_WARN("failed to write string", K(ret), K(other.at(i))); LOG_WARN("failed to write string", K(ret), K(other.at(i)));
} }
} }

1
src/share/table/ob_table.h
View File

@ -873,6 +873,7 @@ private:
int64_t row_count_; // serialize int64_t row_count_; // serialize
common::ObDataBuffer buf_; // serialize common::ObDataBuffer buf_; // serialize
common::ObArenaAllocator allocator_; common::ObArenaAllocator allocator_;
common::ObArenaAllocator prop_name_allocator_;
int64_t fixed_result_size_; int64_t fixed_result_size_;
// for deserialize and read // for deserialize and read
int64_t curr_idx_; int64_t curr_idx_;