From 8e5fcb688feac6826310b937cb26ca817fbf358d Mon Sep 17 00:00:00 2001
From: obdev <obdev@oceanbase.com>
Date: Tue, 25 Oct 2022 18:08:45 +0800
Subject: [PATCH] fix memory out of bounds in to_cstring

---
 deps/oblib/src/lib/trace/ob_trace.cpp       | 14 +++---
 deps/oblib/src/lib/trace/ob_trace.h         | 49 +++++++--------------
 deps/oblib/src/lib/utility/ob_print_utils.h |  2 +-
 3 files changed, 25 insertions(+), 40 deletions(-)

diff --git a/deps/oblib/src/lib/trace/ob_trace.cpp b/deps/oblib/src/lib/trace/ob_trace.cpp
index 9c50d1b4d9..9a342d0d64 100644
--- a/deps/oblib/src/lib/trace/ob_trace.cpp
+++ b/deps/oblib/src/lib/trace/ob_trace.cpp
@@ -255,12 +255,12 @@ int UUID::deserialize(const char* buf, const int64_t buf_len, int64_t& pos)
 int to_string_and_strip(const char* str, const int64_t length, char* buf, const int64_t buf_len, int64_t& pos)
 {
   int ret = OB_SUCCESS;
-  char from[] = "\"\n\r\\";
-  const char* to[] = { "\\\"", "\\n", "\\r", "\\\\"};
+  char from[] = "\"\n\r\\\t";
+  const char* to[] = { "\\\"", "\\n", "\\r", "\\\\", " "};
   buf[pos++] = '\"';
   for (auto j = 0; j < length && str[j]; ++j) {
     bool conv = false;
-    for (auto i = 0; i < 4; ++i) {
+    for (auto i = 0; i < sizeof(from) - 1; ++i) {
       if (from[i] == str[j]) {
         for (const char* toc = to[i]; *toc; ++toc) {
           if (pos < buf_len) {
@@ -341,15 +341,15 @@ ObSpanCtx::ObSpanCtx()
 ObTrace* ObTrace::get_instance()
 {
   if (OB_ISNULL(save_buffer)) {
-    thread_local char* default_tsi_buffer = (char*)GET_TSI(ByteBuf<8 * DEFAULT_BUFFER_SIZE>);
-    thread_local char default_tls_buffer[DEFAULT_BUFFER_SIZE];
+    thread_local char* default_tsi_buffer = (char*)GET_TSI(ByteBuf<DEFAULT_BUFFER_SIZE>);
+    thread_local char default_tls_buffer[MIN_BUFFER_SIZE];
     struct Guard {
       Guard(char* buffer, int64_t size) {
         IGNORE_RETURN new(buffer) ObTrace(size);
       }
     };
-    thread_local Guard guard1(default_tsi_buffer, 8 * DEFAULT_BUFFER_SIZE);
-    thread_local Guard guard2(default_tls_buffer, 1 * DEFAULT_BUFFER_SIZE);
+    thread_local Guard guard1(default_tsi_buffer, DEFAULT_BUFFER_SIZE);
+    thread_local Guard guard2(default_tls_buffer, MIN_BUFFER_SIZE);
     if (OB_ISNULL(default_tsi_buffer)) {
       save_buffer = (ObTrace*)default_tls_buffer;
       LIB_LOG(WARN, "tsi was nullptr");
diff --git a/deps/oblib/src/lib/trace/ob_trace.h b/deps/oblib/src/lib/trace/ob_trace.h
index 9db0bbec14..4f2ab0f94d 100644
--- a/deps/oblib/src/lib/trace/ob_trace.h
+++ b/deps/oblib/src/lib/trace/ob_trace.h
@@ -209,7 +209,7 @@ struct ObSpanCtx final : public common::ObDLinkBase<ObSpanCtx>
 struct ObTrace
 {
   static constexpr uint64_t MAGIC_CODE = 0x1234567887654321ul;
-  static constexpr int64_t DEFAULT_BUFFER_SIZE = (1L << 13);
+  static constexpr int64_t DEFAULT_BUFFER_SIZE = (1L << 16);
   static constexpr int64_t MIN_BUFFER_SIZE = (1L << 13);
   static ObTrace* get_instance();
   static void set_trace_buffer(void* buffer, int64_t buffer_size);
@@ -273,46 +273,31 @@ struct ObTrace
   bool append_tag(ObTagType tag_type, const T& value)
   {
     int ret = false;
+    ObString v("");
     if (OB_ISNULL(value.ptr())) {
       // do nothing
     } else {
-      auto l = value.length();
-      if (offset_ + sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*) >= buffer_size_) {
-        // do nothing
-      } else {
-        ObTagCtx<void*>* tag = new (data_ + offset_) ObTagCtx<void*>;
-        tag->next_ = last_active_span_->tags_;
-        last_active_span_->tags_ = tag;
-        tag->tag_type_ = tag_type;
-        memcpy(&(tag->data_), value.ptr(), l);
-        offset_ += (sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*));
-        data_[offset_ - 1] = '\0';
-        ret = true;
-      }
+      v = value;
+    }
+    auto l = v.length();
+    if (offset_ + sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*) >= buffer_size_) {
+      // do nothing
+    } else {
+      ObTagCtx<void*>* tag = new (data_ + offset_) ObTagCtx<void*>;
+      tag->next_ = last_active_span_->tags_;
+      last_active_span_->tags_ = tag;
+      tag->tag_type_ = tag_type;
+      memcpy(&(tag->data_), v.ptr(), l);
+      offset_ += (sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*));
+      data_[offset_ - 1] = '\0';
+      ret = true;
     }
     return ret;
   }
   template<class T, typename std::enable_if<std::is_convertible<T, const char*>::value, bool>::type = true>
   bool append_tag(ObTagType tag_type, const T& value)
   {
-    int ret = false;
-    if (OB_ISNULL(value)) {
-      // do nothing
-    } else {
-      auto l = strlen(value);
-      if (offset_ + sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*) >= buffer_size_) {
-        // do nothing
-      } else {
-        ObTagCtx<void*>* tag = new (data_ + offset_) ObTagCtx<void*>;
-        tag->next_ = last_active_span_->tags_;
-        last_active_span_->tags_ = tag;
-        tag->tag_type_ = tag_type;
-        memcpy(&(tag->data_), value, l + 1);
-        offset_ += (sizeof(ObTagCtx<void*>) + l + 1 - sizeof(void*));
-        ret = true;
-      }
-    }
-    return ret;
+    return append_tag(tag_type, OB_ISNULL(value) ? ObString("") : ObString(value));
   }
 private:
   bool check_magic() { return MAGIC_CODE == magic_code_; }
diff --git a/deps/oblib/src/lib/utility/ob_print_utils.h b/deps/oblib/src/lib/utility/ob_print_utils.h
index 2a33aba00b..674eac5d09 100644
--- a/deps/oblib/src/lib/utility/ob_print_utils.h
+++ b/deps/oblib/src/lib/utility/ob_print_utils.h
@@ -202,7 +202,7 @@ public:
 private:
   BufList list_;
   int64_t level_;
-  int idx_;
+  uint64_t idx_;
 };
 
 template <typename T>