fix: heap user after free
This commit is contained in:
kailixu
parent
be07c960c4
commit
ba48115231
|
|
@ -155,6 +155,7 @@ typedef struct STscObj {
|
|||
int8_t biMode;
|
||||
int32_t acctId;
|
||||
uint32_t connId;
|
||||
int32_t appHbMgrIdx;
|
||||
int64_t id; // ref ID returned by taosAddRef
|
||||
TdThreadMutex mutex; // used to protect the operation on db
|
||||
int32_t numOfReqs; // number of sqlObj bound to this connection
|
||||
|
|
|
|||
|
|
@ -283,6 +283,7 @@ void *createTscObj(const char *user, const char *auth, const char *db, int32_t c
|
|||
|
||||
pObj->connType = connType;
|
||||
pObj->pAppInfo = pAppInfo;
|
||||
pObj->appHbMgrIdx = pAppInfo->pAppHbMgr->idx;
|
||||
tstrncpy(pObj->user, user, sizeof(pObj->user));
|
||||
memcpy(pObj->pass, auth, TSDB_PASSWORD_LEN);
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ typedef struct {
|
|||
};
|
||||
} SHbParam;
|
||||
|
||||
static SClientHbMgr clientHbMgr = {0};
|
||||
SClientHbMgr clientHbMgr = {0};
|
||||
|
||||
static int32_t hbCreateThread();
|
||||
static void hbStopThread();
|
||||
|
|
@ -1294,9 +1294,8 @@ void hbMgrCleanUp() {
|
|||
|
||||
taosThreadMutexLock(&clientHbMgr.lock);
|
||||
appHbMgrCleanup();
|
||||
taosArrayDestroy(clientHbMgr.appHbMgrs);
|
||||
clientHbMgr.appHbMgrs = taosArrayDestroy(clientHbMgr.appHbMgrs);
|
||||
taosThreadMutexUnlock(&clientHbMgr.lock);
|
||||
clientHbMgr.appHbMgrs = NULL;
|
||||
}
|
||||
|
||||
int hbRegisterConnImpl(SAppHbMgr *pAppHbMgr, SClientHbKey connKey, int64_t clusterId) {
|
||||
|
|
@ -1335,13 +1334,18 @@ int hbRegisterConn(SAppHbMgr *pAppHbMgr, int64_t tscRefId, int64_t clusterId, in
|
|||
}
|
||||
|
||||
void hbDeregisterConn(STscObj *pTscObj, SClientHbKey connKey) {
|
||||
SAppHbMgr *pAppHbMgr = pTscObj->pAppInfo->pAppHbMgr;
|
||||
SClientHbReq *pReq = taosHashAcquire(pAppHbMgr->activeInfo, &connKey, sizeof(SClientHbKey));
|
||||
if (pReq) {
|
||||
tFreeClientHbReq(pReq);
|
||||
taosHashRemove(pAppHbMgr->activeInfo, &connKey, sizeof(SClientHbKey));
|
||||
taosHashRelease(pAppHbMgr->activeInfo, pReq);
|
||||
SClientHbReq *pReq = NULL;
|
||||
taosThreadMutexLock(&clientHbMgr.lock);
|
||||
SAppHbMgr *pAppHbMgr = taosArrayGetP(clientHbMgr.appHbMgrs, pTscObj->appHbMgrIdx);
|
||||
if (pAppHbMgr) {
|
||||
pReq = taosHashAcquire(pAppHbMgr->activeInfo, &connKey, sizeof(SClientHbKey));
|
||||
if (pReq) {
|
||||
tFreeClientHbReq(pReq);
|
||||
taosHashRemove(pAppHbMgr->activeInfo, &connKey, sizeof(SClientHbKey));
|
||||
taosHashRelease(pAppHbMgr->activeInfo, pReq);
|
||||
}
|
||||
}
|
||||
taosThreadMutexUnlock(&clientHbMgr.lock);
|
||||
|
||||
if (NULL == pReq) {
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@
|
|||
#include "tname.h"
|
||||
#include "tversion.h"
|
||||
|
||||
extern SClientHbMgr clientHbMgr;
|
||||
|
||||
static void setErrno(SRequestObj* pRequest, int32_t code) {
|
||||
pRequest->code = code;
|
||||
terrno = code;
|
||||
|
|
@ -63,12 +65,21 @@ int32_t processConnectRsp(void* param, SDataBuf* pMsg, int32_t code) {
|
|||
|
||||
STscObj* pTscObj = pRequest->pTscObj;
|
||||
|
||||
if (NULL == pTscObj->pAppInfo || NULL == pTscObj->pAppInfo->pAppHbMgr) {
|
||||
if (NULL == pTscObj->pAppInfo) {
|
||||
setErrno(pRequest, TSDB_CODE_TSC_DISCONNECTED);
|
||||
tsem_post(&pRequest->body.rspSem);
|
||||
goto End;
|
||||
}
|
||||
|
||||
taosThreadMutexLock(&clientHbMgr.lock);
|
||||
if (NULL == taosArrayGetP(clientHbMgr.appHbMgrs, pTscObj->appHbMgrIdx)) {
|
||||
taosThreadMutexUnlock(&clientHbMgr.lock);
|
||||
setErrno(pRequest, TSDB_CODE_TSC_DISCONNECTED);
|
||||
tsem_post(&pRequest->body.rspSem);
|
||||
goto End;
|
||||
}
|
||||
taosThreadMutexUnlock(&clientHbMgr.lock);
|
||||
|
||||
SConnectRsp connectRsp = {0};
|
||||
if (tDeserializeSConnectRsp(pMsg->pData, pMsg->len, &connectRsp) != 0) {
|
||||
code = TSDB_CODE_TSC_INVALID_VERSION;
|
||||
|
|
@ -142,7 +153,12 @@ int32_t processConnectRsp(void* param, SDataBuf* pMsg, int32_t code) {
|
|||
pTscObj->authVer = connectRsp.authVer;
|
||||
pTscObj->whiteListInfo.ver = connectRsp.whiteListVer;
|
||||
|
||||
hbRegisterConn(pTscObj->pAppInfo->pAppHbMgr, pTscObj->id, connectRsp.clusterId, connectRsp.connType);
|
||||
taosThreadMutexLock(&clientHbMgr.lock);
|
||||
SAppHbMgr* pAppHbMgr = taosArrayGetP(clientHbMgr.appHbMgrs, pTscObj->appHbMgrIdx);
|
||||
if (pAppHbMgr) {
|
||||
hbRegisterConn(pAppHbMgr, pTscObj->id, connectRsp.clusterId, connectRsp.connType);
|
||||
}
|
||||
taosThreadMutexUnlock(&clientHbMgr.lock);
|
||||
|
||||
tscDebug("0x%" PRIx64 " clusterId:%" PRId64 ", totalConn:%" PRId64, pRequest->requestId, connectRsp.clusterId,
|
||||
pTscObj->pAppInfo->numOfConns);
|
||||
|
|
|
|||
Loading…
Reference in New Issue