From 0e9205c3143aa61b8796173ebe62543034049b8a Mon Sep 17 00:00:00 2001
From: Yihao Deng
Date: Fri, 5 Jul 2024 09:13:30 +0000
Subject: [PATCH] fix UAF
---
 source/libs/transport/src/transCli.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/source/libs/transport/src/transCli.c b/source/libs/transport/src/transCli.c
index ffcb1fbdb5..25e0248095 100644
--- a/source/libs/transport/src/transCli.c
+++ b/source/libs/transport/src/transCli.c
@@ -832,6 +832,9 @@ static int32_t allocConnRef(SCliConn* conn, bool update) {
 taosInitRWLatch(&exh->latch);
 exh->refId = transAddExHandle(transGetRefMgt(), exh);
+ SExHandle* self = transAcquireExHandle(transGetRefMgt(), exh->refId);
+ ASSERT(exh == self);
+
 QUEUE_INIT(&exh->q);
 taosInitRWLatch(&exh->latch);
@@ -2833,6 +2836,9 @@ int64_t transAllocHandle() {
 taosInitRWLatch(&exh->latch);
 exh->refId = transAddExHandle(transGetRefMgt(), exh);
+ SExHandle* self = transAcquireExHandle(transGetRefMgt(), exh->refId);
+ ASSERT(exh == self);
+
 QUEUE_INIT(&exh->q);
 taosInitRWLatch(&exh->latch);
 tDebug("pre alloc refId %" PRId64 "", exh->refId);
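Review bot: In allocConnRef the result of `transAcquireExHandle` is checked only by `ASSERT(exh == self);`, so in a build where ASSERT is compiled out or non-fatal (its definition is not visible here) a failed acquire would go unnoticed and the handle would carry on without the extra reference this use-after-free fix relies on. An explicit check such as `if (self != exh) { /* undo transAddExHandle */ return <error>; }` would keep the guarantee in every build, where `<error>` stands for whatever failure value the callers already handle. The same two lines are added in transAllocHandle and deserve the same treatment. A short comment such as `/* extra ref held until <release site> calls transReleaseExHandle */` would also document where the matching release happens, which neither hunk shows; both function bodies extend beyond the hunks.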
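Review bot: In transAllocHandle `taosInitRWLatch(&exh->latch);` runs on the hunk's first context line and again, together with `QUEUE_INIT(&exh->q);`, after `transAddExHandle` has registered the handle and the new acquire has taken its reference. If another thread can look the handle up by refId once it is registered (likely, but not shown here), re-initialising the latch and queue at that point could reset state that thread is already using. Consider dropping the second `QUEUE_INIT`/`taosInitRWLatch` pair, or completing all initialisation before `transAddExHandle`; allocConnRef shows the same ordering. The function starts before the hunk.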