From ad0c91e6c3e29c48ec52d3b827d5972729db3916 Mon Sep 17 00:00:00 2001
From: Hongze Cheng <hzcheng@taosdata.com>
Date: Mon, 19 Feb 2024 14:06:45 +0800
Subject: [PATCH] fix: invalid memory access during meta snapshot transfer

---
 source/dnode/vnode/src/meta/metaSnapshot.c | 41 +++++++++++-----------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/source/dnode/vnode/src/meta/metaSnapshot.c b/source/dnode/vnode/src/meta/metaSnapshot.c
index 18190ac533..e86ed3b657 100644
--- a/source/dnode/vnode/src/meta/metaSnapshot.c
+++ b/source/dnode/vnode/src/meta/metaSnapshot.c
@@ -96,29 +96,29 @@ int32_t metaSnapRead(SMetaSnapReader* pReader, uint8_t** ppData) {
       continue;
     }
 
+    if (!pData || !nData) {
+      metaError("meta/snap: invalide nData: %" PRId32 " meta snap read failed.", nData);
+      goto _exit;
+    }
+
+    *ppData = taosMemoryMalloc(sizeof(SSnapDataHdr) + nData);
+    if (*ppData == NULL) {
+      code = TSDB_CODE_OUT_OF_MEMORY;
+      goto _err;
+    }
+
+    SSnapDataHdr* pHdr = (SSnapDataHdr*)(*ppData);
+    pHdr->type = SNAP_DATA_META;
+    pHdr->size = nData;
+    memcpy(pHdr->data, pData, nData);
+
+    metaDebug("vgId:%d, vnode snapshot meta read data, version:%" PRId64 " uid:%" PRId64 " blockLen:%d",
+              TD_VID(pReader->pMeta->pVnode), key.version, key.uid, nData);
+
     tdbTbcMoveToNext(pReader->pTbc);
     break;
   }
 
-  if (!pData || !nData) {
-    metaError("meta/snap: invalide nData: %" PRId32 " meta snap read failed.", nData);
-    goto _exit;
-  }
-
-  *ppData = taosMemoryMalloc(sizeof(SSnapDataHdr) + nData);
-  if (*ppData == NULL) {
-    code = TSDB_CODE_OUT_OF_MEMORY;
-    goto _err;
-  }
-
-  SSnapDataHdr* pHdr = (SSnapDataHdr*)(*ppData);
-  pHdr->type = SNAP_DATA_META;
-  pHdr->size = nData;
-  memcpy(pHdr->data, pData, nData);
-
-  metaDebug("vgId:%d, vnode snapshot meta read data, version:%" PRId64 " uid:%" PRId64 " blockLen:%d",
-            TD_VID(pReader->pMeta->pVnode), key.version, key.uid, nData);
-
 _exit:
   return code;
 
@@ -619,7 +619,8 @@ SMetaTableInfo getMetaTableInfoFromSnapshot(SSnapContext* ctx) {
 
     int32_t ret = MoveToPosition(ctx, idInfo->version, *uidTmp);
     if (ret != 0) {
-      metaDebug("tmqsnap getMetaTableInfoFromSnapshot not exist uid:%" PRIi64 " version:%" PRIi64, *uidTmp, idInfo->version);
+      metaDebug("tmqsnap getMetaTableInfoFromSnapshot not exist uid:%" PRIi64 " version:%" PRIi64, *uidTmp,
+                idInfo->version);
       continue;
     }
     tdbTbcGet((TBC*)ctx->pCur, (const void**)&pKey, &kLen, (const void**)&pVal, &vLen);