From 46355de7f91aa85f188bbb7a131ebffbbab4ab56 Mon Sep 17 00:00:00 2001
From: xsren <285808407@qq.com>
Date: Thu, 5 Sep 2024 17:30:46 +0800
Subject: [PATCH 1/4] fix: crash
---
 source/common/src/tdatablock.c | 17 +++++++++++++++++
 source/libs/function/src/builtinsimpl.c | 4 ++++
 source/libs/function/src/udfd.c | 7 ++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/source/common/src/tdatablock.c b/source/common/src/tdatablock.c
index 8e50c943b9..bd91c467b6 100644
--- a/source/common/src/tdatablock.c
+++ b/source/common/src/tdatablock.c
@@ -2402,10 +2402,18 @@ void* tDecodeDataBlock(const void* buf, SSDataBlock* pBlock) {
 } else {
 buf = taosDecodeBinary(buf, (void**)&data.nullbitmap, BitmapLen(pBlock->info.rows));
 }
+ if(buf == NULL) {
+ uError("failed to decode null bitmap/offset, type:%d", data.info.type);
+ return NULL;
+ }
 int32_t len = 0;
 buf = taosDecodeFixedI32(buf, &len);
 buf = taosDecodeBinary(buf, (void**)&data.pData, len);
+ if (buf == NULL) {
+ uError("failed to decode data, type:%d", data.info.type);
+ return NULL;
+ }
 if (IS_VAR_DATA_TYPE(data.info.type)) {
 data.varmeta.length = len;
 data.varmeta.allocLen = len;
@@ -2418,6 +2426,15 @@ void* tDecodeDataBlock(const void* buf, SSDataBlock* pBlock) {
 }
 return (void*)buf;
+_error:
+ for (int32_t i = 0; i < sz; ++i) {
+ SColumnInfoData* pColInfoData = (SColumnInfoData*)taosArrayGet(pBlock->pDataBlock, i);
+ if (pColInfoData == NULL) {
+ break;
+ }
+ colDataDestroy(pColInfoData);
+ }
+ return NULL;
 }
 static char* formatTimestamp(char* buf, int64_t val, int precision) {
diff --git a/source/libs/function/src/builtinsimpl.c b/source/libs/function/src/builtinsimpl.c
index 84ab103456..2fa0cef5e8 100644
--- a/source/libs/function/src/builtinsimpl.c
+++ b/source/libs/function/src/builtinsimpl.c
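Review bot: In the first tdatablock.c hunk (@@ -2402) of tDecodeDataBlock, `len` is read from the encoded input by `taosDecodeFixedI32` and passed straight to `taosDecodeBinary` as a byte count; the added NULL check only catches whatever failure `taosDecodeBinary` itself reports. `tDecodeDataBlock` takes no input length, so nothing visible bounds the read against the end of the buffer, and a negative or oversized `len` in a malformed block may still reach the copy, depending on how `taosDecodeBinary` (not shown) treats it. At minimum reject bad values before the call, e.g. `if (len < 0) { uError("invalid data length:%d", len); goto _error; }`, and consider a decode variant that carries the remaining input size. The function body starts and ends outside the hunk.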
@@ -5996,6 +5996,10 @@ int32_t modeFunctionSetup(SqlFunctionCtx* pCtx, SResultRowEntryInfo* pResInfo) {
 pInfo->colBytes = pCtx->resDataInfo.bytes;
 if (pInfo->pHash != NULL) {
 taosHashClear(pInfo->pHash);
+ pInfo->pHash = taosHashInit(64, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK);
+ if (NULL == pInfo->pHash) {
+ return terrno;
+ }
 } else {
 pInfo->pHash = taosHashInit(64, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK);
 if (NULL == pInfo->pHash) {
diff --git a/source/libs/function/src/udfd.c b/source/libs/function/src/udfd.c
index adcce879eb..b17af44260 100644
--- a/source/libs/function/src/udfd.c
+++ b/source/libs/function/src/udfd.c
@@ -524,7 +524,12 @@ void udfdDeinitScriptPlugins() {
 void udfdProcessRequest(uv_work_t *req) {
 SUvUdfWork *uvUdf = (SUvUdfWork *)(req->data);
 SUdfRequest request = {0};
- if(decodeUdfRequest(uvUdf->input.base, &request) == NULL) return;
+ if(decodeUdfRequest(uvUdf->input.base, &request) == NULL)
+ {
+ taosMemoryFree(uvUdf->input.base);
+ fnError("udf request decode failed");
+ return;
+ }
 switch (request.type) {
 case UDF_TASK_SETUP: {
From ed481a1f29fcf4391e2377c09b5cb366c2c3075c Mon Sep 17 00:00:00 2001
From: xsren <285808407@qq.com>
Date: Thu, 5 Sep 2024 17:45:50 +0800
Subject: [PATCH 2/4] handle excep
---
 source/common/src/tdatablock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/common/src/tdatablock.c b/source/common/src/tdatablock.c
index bd91c467b6..11224aaa69 100644
--- a/source/common/src/tdatablock.c
+++ b/source/common/src/tdatablock.c
@@ -2404,7 +2404,7 @@ void* tDecodeDataBlock(const void* buf, SSDataBlock* pBlock) {
 }
 if(buf == NULL) {
 uError("failed to decode null bitmap/offset, type:%d", data.info.type);
- return NULL;
+ goto _error;
 }
 int32_t len = 0;
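Review bot: In the udfd.c hunk (@@ -524), the decode-failure branch frees `uvUdf->input.base` but leaves the pointer set, so any later cleanup of the work item that frees `input.base` again would be a double free. Clearing it in the same step, e.g. `taosMemoryFreeClear(uvUdf->input.base);` as this series already does for `pInfo->buf`, removes that risk. The branch also returns without filling in any response, so unless the completion callback (outside the hunk) copes with an empty output, the sender of a malformed request may never receive an error. udfdProcessRequest continues past the end of the hunk.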
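Review bot: The `goto _error` added in the [PATCH 2/4] tdatablock.c hunk (@@ -2404), and the one in the following hunk (@@ -2412), both skip the column currently being decoded. `_error` only destroys entries already stored in `pBlock->pDataBlock`, while the local `data` is, as far as the hunks show, not yet in that array. At the second site `data.nullbitmap` or `data.varmeta.offset` has already been allocated by the earlier `taosDecodeBinary`, so that buffer appears to leak on every malformed block. Adding `colDataDestroy(&data);` before each `goto _error;` would release it, assuming `data` is a zero-initialised `SColumnInfoData` declared outside the hunk.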
@@ -2412,7 +2412,7 @@ void* tDecodeDataBlock(const void* buf, SSDataBlock* pBlock) {
 buf = taosDecodeBinary(buf, (void**)&data.pData, len);
 if (buf == NULL) {
 uError("failed to decode data, type:%d", data.info.type);
- return NULL;
+ goto _error;
 }
 if (IS_VAR_DATA_TYPE(data.info.type)) {
 data.varmeta.length = len;
From 0a118243ea9db85467673e4a70eca80dc5ebc6d5 Mon Sep 17 00:00:00 2001
From: xsren <285808407@qq.com>
Date: Fri, 6 Sep 2024 09:38:23 +0800
Subject: [PATCH 3/4] fix: free invalid hash
---
 source/libs/function/src/builtinsimpl.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/source/libs/function/src/builtinsimpl.c b/source/libs/function/src/builtinsimpl.c
index 2fa0cef5e8..1119ba576a 100644
--- a/source/libs/function/src/builtinsimpl.c
+++ b/source/libs/function/src/builtinsimpl.c
@@ -5996,10 +5996,6 @@ int32_t modeFunctionSetup(SqlFunctionCtx* pCtx, SResultRowEntryInfo* pResInfo) {
 pInfo->colBytes = pCtx->resDataInfo.bytes;
 if (pInfo->pHash != NULL) {
 taosHashClear(pInfo->pHash);
- pInfo->pHash = taosHashInit(64, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK);
- if (NULL == pInfo->pHash) {
- return terrno;
- }
 } else {
 pInfo->pHash = taosHashInit(64, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BINARY), true, HASH_NO_LOCK);
 if (NULL == pInfo->pHash) {
@@ -6012,6 +6008,7 @@ int32_t modeFunctionSetup(SqlFunctionCtx* pCtx, SResultRowEntryInfo* pResInfo) {
 pInfo->buf = taosMemoryMalloc(pInfo->colBytes);
 if (NULL == pInfo->buf) {
 taosHashCleanup(pInfo->pHash);
+ pInfo->pHash = NULL;
 return TSDB_CODE_OUT_OF_MEMORY;
 }
@@ -6020,7 +6017,9 @@ int32_t modeFunctionSetup(SqlFunctionCtx* pCtx, SResultRowEntryInfo* pResInfo) {
 static void modeFunctionCleanup(SModeInfo * pInfo) {
 taosHashCleanup(pInfo->pHash);
+ pInfo->pHash = NULL;
 taosMemoryFreeClear(pInfo->buf);
+ pInfo->buf = NULL;
 }
 void modeFunctionCleanupExt(SqlFunctionCtx* pCtx) {
From aa526fe13a066181fe1b04d37083fde19f13cd6d Mon Sep 17 00:00:00 2001
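Review bot: In the @@ -6012 hunk of modeFunctionSetup ([PATCH 3/4]), `pInfo->buf` is overwritten with a fresh `taosMemoryMalloc` and no release of a previous buffer is visible. The `pInfo->pHash != NULL` branch in the preceding hunk implies setup can run on an already-initialised SModeInfo, in which case an earlier `buf` would leak unless code outside the hunks frees it. Consider `taosMemoryFreeClear(pInfo->buf);` just before the allocation. The two failure paths also report differently (`terrno` for the hash, a hard-coded `TSDB_CODE_OUT_OF_MEMORY` here); returning `terrno` in both would be consistent.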
From: xsren <285808407@qq.com>
Date: Fri, 6 Sep 2024 11:54:22 +0800
Subject: [PATCH 4/4] unused code
---
 source/libs/function/src/builtinsimpl.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/source/libs/function/src/builtinsimpl.c b/source/libs/function/src/builtinsimpl.c
index 1119ba576a..196fd767bb 100644
--- a/source/libs/function/src/builtinsimpl.c
+++ b/source/libs/function/src/builtinsimpl.c
@@ -6019,7 +6019,6 @@ static void modeFunctionCleanup(SModeInfo * pInfo) {
 taosHashCleanup(pInfo->pHash);
 pInfo->pHash = NULL;
 taosMemoryFreeClear(pInfo->buf);
- pInfo->buf = NULL;
 }
 void modeFunctionCleanupExt(SqlFunctionCtx* pCtx) {