From 32f3fbce4a64984104c0a73f94267ffceb16a54e Mon Sep 17 00:00:00 2001
From: WeiXinChan
Date: Mon, 17 Jun 2024 19:13:06 +0000
Subject: [PATCH] [CP] [Bugfix] fix core dump cause use after free in session pool

---
 src/observer/table/ob_table_session_pool.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/observer/table/ob_table_session_pool.cpp b/src/observer/table/ob_table_session_pool.cpp
index cb9d326922..9ad2fd15f1 100644
--- a/src/observer/table/ob_table_session_pool.cpp
+++ b/src/observer/table/ob_table_session_pool.cpp
@@ -327,6 +327,10 @@ void ObTableApiSessPool::destroy()
 loop all session node to retire.
 - nodes which have not been visited for more than 5 minutes will be retired.
 - move retired node to retired list.
+ - why do I need to check whether the node is empty ?
+ -- after a node is created, the session may be initialized in init_sess_info() for
+ -- more than SESS_RETIRE_TIME (unit migration scenario).
+ -- If the node is deleted during this time, it will be used after free.
 */
 int ObTableApiSessPool::retire_session_node()
 {
@@ -341,7 +345,7 @@ int ObTableApiSessPool::retire_session_node()
 const int64_t N = arr.count();
 for (int64_t i = 0; OB_SUCC(ret) && i < N; ++i) {
 const ObTableApiSessForeachOp::ObTableApiSessKV &kv = arr.at(i);
- if (cur_time - kv.node_->get_last_active_ts() >= SESS_RETIRE_TIME) {
+ if (cur_time - kv.node_->get_last_active_ts() >= SESS_RETIRE_TIME && !kv.node_->is_empty()) {
 ObTableApiSessNode *del_node = nullptr;
 if (OB_FAIL(key_node_map_.erase_refactored(kv.key_, &del_node))) {
 if (OB_HASH_NOT_EXIST != ret) {
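Review bot: The added comment phrases the rationale as a question and its last line is ungrammatical, which makes the invariant harder to pick up than it needs to be; as a statement it would read `- empty nodes are never retired: a freshly created node may stay in init_sess_info() longer than SESS_RETIRE_TIME (unit migration), and retiring it in that window frees memory the initializer is still using.` The comment block this hunk extends begins outside the hunk.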
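Review bot: With `!kv.node_->is_empty()` folded into the retire condition, an empty node is now never retired no matter how old it is, so if `init_sess_info()` can fail or be abandoned without ever populating the node, that node stays in `key_node_map_` indefinitely and the map grows without bound under repeated failures. If that path exists, retiring empty nodes only after a separate, much longer grace period would still close the use-after-free while keeping the pool bounded. It is also not visible here whether `is_empty()` reads the node's session state under the same synchronization that `init_sess_info()` writes it; if it does not, the new check is a racy read that narrows the window rather than closing it, and a short comment on the line naming the lock or reference that protects it would make the reasoning checkable. The body of `retire_session_node` continues outside the hunk.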