From 926c12a4d273ded1e8d1f876623b200ea1895154 Mon Sep 17 00:00:00 2001 From: "496148326@qq.com" <496148326@qq.com> Date: Wed, 27 Mar 2024 06:15:52 +0000 Subject: [PATCH] fix ob20 protocol memcpy out of bound issue --- deps/oblib/src/rpc/obmysql/ob_mysql_request_utils.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deps/oblib/src/rpc/obmysql/ob_mysql_request_utils.cpp b/deps/oblib/src/rpc/obmysql/ob_mysql_request_utils.cpp index 335f8173e..ec8c219a4 100644 --- a/deps/oblib/src/rpc/obmysql/ob_mysql_request_utils.cpp +++ b/deps/oblib/src/rpc/obmysql/ob_mysql_request_utils.cpp @@ -99,6 +99,10 @@ static int build_compressed_packet(ObEasyBuffer &src_buf, } else { len_before_compress = next_compress_size; } + } else if (next_compress_size > comp_buf_size) { + ret = OB_BUF_NOT_ENOUGH; + SERVER_LOG(WARN, "do not use real compress, dst buffer is not enough", K(ret), + K(next_compress_size), K(comp_buf_size), K(lbt())); } else { //if compress off, just copy date to output buf MEMCPY(dst_buf.last() + OB_MYSQL_COMPRESSED_HEADER_SIZE, src_buf.read_pos(), next_compress_size); @@ -144,6 +148,9 @@ static int build_compressed_buffer(ObEasyBuffer &orig_send_buf, const int64_t max_read_step = context.get_max_read_step(); int64_t next_read_size = orig_send_buf.get_next_read_size(context.last_pkt_pos_, max_read_step); int64_t last_read_size = 0; + if (next_read_size > (comp_send_buf.write_avail_size() - OB_MYSQL_COMPRESSED_HEADER_SIZE)) { + next_read_size = max_read_step; + } int64_t max_comp_pkt_size = get_max_comp_pkt_size(next_read_size); while (OB_SUCC(ret) && next_read_size > 0 
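Review bot: The new `else if (next_compress_size > comp_buf_size)` guard protects the `MEMCPY` below only if `comp_buf_size` already excludes `OB_MYSQL_COMPRESSED_HEADER_SIZE`, because the copy lands at `dst_buf.last() + OB_MYSQL_COMPRESSED_HEADER_SIZE`. The definition of `comp_buf_size` is outside this hunk, so this cannot be confirmed here. If it is the raw free space of `dst_buf`, the comparison should be `next_compress_size > comp_buf_size - OB_MYSQL_COMPRESSED_HEADER_SIZE`. Either way, a comment above the branch such as `// comp_buf_size is the payload room left after the compressed header` would pin the invariant the bounds check relies on. The body of `build_compressed_packet` starts and ends outside the hunk.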
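Review bot: The fallback `next_read_size = max_read_step;` is never compared with the free space, so if `max_read_step` exceeds `comp_send_buf.write_avail_size() - OB_MYSQL_COMPRESSED_HEADER_SIZE` the size stays too large. The only remaining bounds are the loop condition, which is cut off at the end of this hunk, and the new `OB_BUF_NOT_ENOUGH` branch in `build_compressed_packet`. The subtraction can also go negative when less than a header's worth of space remains, or wrap if `write_avail_size()` returns an unsigned type, which is not visible here. The same three lines are repeated in the `@@ -159,6 +166,9 @@` hunk, so a small static helper shared by both sites would keep the two copies from drifting. Inside it, a comment such as `// fall back to one read step; the caller must still verify it fits in comp_send_buf` would state what the fallback does and does not guarantee.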
@@ -159,6 +166,9 @@ static int build_compressed_buffer(ObEasyBuffer &orig_send_buf,
 //optimize for multi packet
 last_read_size = next_read_size;
 next_read_size = orig_send_buf.get_next_read_size(context.last_pkt_pos_, max_read_step);
+ if (next_read_size > (comp_send_buf.write_avail_size() - OB_MYSQL_COMPRESSED_HEADER_SIZE)) {
+ next_read_size = max_read_step;
+ }
 if (last_read_size != next_read_size) {
 max_comp_pkt_size = get_max_comp_pkt_size(next_read_size);
 }