From 64378be7f4b7728ddff843bd65c7ca47522da5d8 Mon Sep 17 00:00:00 2001
From: Minglei Jin <mljin@taosdata.com>
Date: Mon, 18 Dec 2023 18:06:40 +0800
Subject: [PATCH] fix(tsdb/cache): fix buffer-overflow with column adding

---
 source/dnode/vnode/src/tsdb/tsdbCache.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source/dnode/vnode/src/tsdb/tsdbCache.c b/source/dnode/vnode/src/tsdb/tsdbCache.c
index e48650e265..3ca2846d07 100644
--- a/source/dnode/vnode/src/tsdb/tsdbCache.c
+++ b/source/dnode/vnode/src/tsdb/tsdbCache.c
@@ -2745,6 +2745,13 @@ static int32_t mergeLastCid(tb_uid_t uid, STsdb *pTsdb, SArray **ppLastArray, SC
           break;
         }
         SLastCol *pCol = taosArrayGet(pColArray, iCol);
+        if (slotIds[iCol] > pTSchema->numOfCols - 1) {
+          if (!setNoneCol) {
+            noneCol = iCol;
+            setNoneCol = true;
+          }
+          continue;
+        }
         if (pCol->colVal.cid != pTSchema->columns[slotIds[iCol]].colId) {
           continue;
         }
@@ -2919,6 +2926,9 @@ static int32_t mergeLastRowCid(tb_uid_t uid, STsdb *pTsdb, SArray **ppLastArray,
         break;
       }
       SLastCol *pCol = taosArrayGet(pColArray, iCol);
+      if (slotIds[iCol] > pTSchema->numOfCols - 1) {
+        continue;
+      }
       if (pCol->colVal.cid != pTSchema->columns[slotIds[iCol]].colId) {
         continue;
       }