hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[CP] Fix merge join backup restore const expr datum out of bounds

Browse Source
This commit is contained in:
hezuojiao
2023-10-13 05:43:52 +00:00
committed by ob-robot
parent 9cb41a41d6
commit d98b7cf410
1 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/sql/engine/join/ob_merge_join_op.cpp
View File

@ -973,9 +973,14 @@ int ObMergeJoinOp::ChildBatchFetcher::get_next_batch(const int64_t max_row_cnt)
} else { } else {
const int64_t restore_cnt = MIN(max_row_cnt, remain_backup_rows); const int64_t restore_cnt = MIN(max_row_cnt, remain_backup_rows);
for (int64_t i = 0; i < backup_datums_.count(); i++) { for (int64_t i = 0; i < backup_datums_.count(); i++) {
ObDatum *datum = all_exprs_->at(i)->locate_batch_datums(merge_join_op_.eval_ctx_); const ObExpr *expr = all_exprs_->at(i);
MEMCPY(datum, backup_datums_.at(i) + backup_rows_used_, sizeof(ObDatum) * restore_cnt); if (expr->is_const_expr()) {
all_exprs_->at(i)->set_evaluated_projected(merge_join_op_.eval_ctx_); continue;
} else {
ObDatum *datum = all_exprs_->at(i)->locate_batch_datums(merge_join_op_.eval_ctx_);
MEMCPY(datum, backup_datums_.at(i) + backup_rows_used_, sizeof(ObDatum) * restore_cnt);
all_exprs_->at(i)->set_evaluated_projected(merge_join_op_.eval_ctx_);
}
} }
brs_.size_ = restore_cnt; brs_.size_ = restore_cnt;
brs_.end_ = false; brs_.end_ = false;
@ -1020,8 +1025,11 @@ int ObMergeJoinOp::ChildBatchFetcher::backup_remain_rows()
} else if (backup_datums_.empty()) { } else if (backup_datums_.empty()) {
int64_t alloc_size = sizeof(ObDatum) * merge_join_op_.spec_.max_batch_size_; int64_t alloc_size = sizeof(ObDatum) * merge_join_op_.spec_.max_batch_size_;
for (int64_t i = 0; i < all_exprs_->count() && OB_SUCC(ret); i++) { for (int64_t i = 0; i < all_exprs_->count() && OB_SUCC(ret); i++) {
const ObExpr *expr = all_exprs_->at(i);
ObDatum *datum = NULL; ObDatum *datum = NULL;
if (OB_ISNULL(datum = static_cast<ObDatum *>(allocator.alloc(alloc_size)))) { // if expr is const, use NULL datum pointer as padding.
if (!expr->is_const_expr() &&
OB_ISNULL(datum = static_cast<ObDatum *>(allocator.alloc(alloc_size)))) {
ret = OB_ALLOCATE_MEMORY_FAILED; ret = OB_ALLOCATE_MEMORY_FAILED;
LOG_WARN("allocate memory failed", K(ret)); LOG_WARN("allocate memory failed", K(ret));
} else if (OB_FAIL(backup_datums_.push_back(datum))) { } else if (OB_FAIL(backup_datums_.push_back(datum))) {
@ -1035,17 +1043,22 @@ int ObMergeJoinOp::ChildBatchFetcher::backup_remain_rows()
LOG_WARN("count mismatch", K(ret), K(all_exprs_->count()), K(backup_datums_.count())); LOG_WARN("count mismatch", K(ret), K(all_exprs_->count()), K(backup_datums_.count()));
} else { } else {
for (int64_t i = 0; i < all_exprs_->count() && OB_SUCC(ret); i++) { for (int64_t i = 0; i < all_exprs_->count() && OB_SUCC(ret); i++) {
backup_rows_cnt_ = 0; const ObExpr *expr = all_exprs_->at(i);
backup_rows_used_ = 0; if (expr->is_const_expr()) {
ObDatumVector src_datum = all_exprs_->at(i)->locate_expr_datumvector(merge_join_op_.eval_ctx_); continue;
ObDatum *datum = backup_datums_.at(i);
if (OB_ISNULL(datum)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("backup datums memory is null", K(ret), K(i), K(all_exprs_->count()));
} else { } else {
for (int64_t j = cur_idx_; j < brs_.size_ && OB_SUCC(ret); j++) { backup_rows_cnt_ = 0;
if (!brs_.skip_->contain(j)) { backup_rows_used_ = 0;
datum[backup_rows_cnt_++] = *src_datum.at(j); ObDatumVector src_datum = expr->locate_expr_datumvector(merge_join_op_.eval_ctx_);
ObDatum *datum = backup_datums_.at(i);
if (OB_ISNULL(datum)) {
ret = OB_ERR_UNEXPECTED;
LOG_WARN("backup datums memory is null", K(ret), K(i), K(all_exprs_->count()));
} else {
for (int64_t j = cur_idx_; j < brs_.size_ && OB_SUCC(ret); j++) {
if (!brs_.skip_->contain(j)) {
datum[backup_rows_cnt_++] = *src_datum.at(j);
}
} }
} }
} }