From daf91648fe8c0081e319175c9b009d75cd4a2d25 Mon Sep 17 00:00:00 2001 From: dapan1121 Date: Fri, 18 Aug 2023 13:57:17 +0800 Subject: [PATCH] fix: invalid read memory issue --- include/libs/nodes/querynodes.h | 2 +- source/libs/nodes/CMakeLists.txt | 4 ++-- source/libs/nodes/src/nodesUtilFuncs.c | 14 +++++++++-- source/libs/planner/src/planLogicCreater.c | 28 ++++++++++++++-------- source/libs/planner/src/planUtil.c | 8 +++++++ source/libs/qworker/src/qwUtil.c | 1 + 6 files changed, 42 insertions(+), 15 deletions(-) diff --git a/include/libs/nodes/querynodes.h b/include/libs/nodes/querynodes.h index 6d3fd6480d..d7d45c57ad 100644 --- a/include/libs/nodes/querynodes.h +++ b/include/libs/nodes/querynodes.h @@ -498,7 +498,7 @@ int32_t nodesCollectColumns(SSelectStmt* pSelect, ESqlClause clause, const char* int32_t nodesCollectColumnsFromNode(SNode* node, const char* pTableAlias, ECollectColType type, SNodeList** pCols); typedef bool (*FFuncClassifier)(int32_t funcId); -int32_t nodesCollectFuncs(SSelectStmt* pSelect, ESqlClause clause, FFuncClassifier classifier, SNodeList** pFuncs); +int32_t nodesCollectFuncs(SSelectStmt* pSelect, ESqlClause clause, char* tableAlias, FFuncClassifier classifier, SNodeList** pFuncs); int32_t nodesCollectSpecialNodes(SSelectStmt* pSelect, ESqlClause clause, ENodeType type, SNodeList** pNodes); diff --git a/source/libs/nodes/CMakeLists.txt b/source/libs/nodes/CMakeLists.txt index b8fdb32987..b6163e742e 100644 --- a/source/libs/nodes/CMakeLists.txt +++ b/source/libs/nodes/CMakeLists.txt @@ -7,9 +7,9 @@ target_include_directories( ) target_link_libraries( nodes - PRIVATE os util common qcom + PRIVATE os util common qcom function ) if(${BUILD_TEST}) ADD_SUBDIRECTORY(test) -endif(${BUILD_TEST}) \ No newline at end of file +endif(${BUILD_TEST}) diff --git a/source/libs/nodes/src/nodesUtilFuncs.c b/source/libs/nodes/src/nodesUtilFuncs.c index e989048545..b5c694e77c 100644 --- a/source/libs/nodes/src/nodesUtilFuncs.c +++ b/source/libs/nodes/src/nodesUtilFuncs.c @@ -22,6 +22,7 @@ #include "tdatablock.h" #include "thash.h" #include "tref.h" +#include "functionMgt.h" typedef struct SNodeMemChunk { int32_t availableSize; @@ -1920,7 +1921,7 @@ static EDealRes doCollect(SCollectColumnsCxt* pCxt, SColumnNode* pCol, SNode* pN static bool isCollectType(ECollectColType collectType, EColumnType colType) { return COLLECT_COL_TYPE_ALL == collectType ? true - : (COLLECT_COL_TYPE_TAG == collectType ? COLUMN_TYPE_TAG == colType : COLUMN_TYPE_TAG != colType); + : (COLLECT_COL_TYPE_TAG == collectType ? COLUMN_TYPE_TAG == colType : (COLUMN_TYPE_TAG != colType && COLUMN_TYPE_TBNAME != colType)); } static EDealRes collectColumns(SNode* pNode, void* pContext) { @@ -1999,6 +2000,7 @@ int32_t nodesCollectColumnsFromNode(SNode* node, const char* pTableAlias, EColle typedef struct SCollectFuncsCxt { int32_t errCode; + char* tableAlias; FFuncClassifier classifier; SNodeList* pFuncs; SHashObj* pFuncsSet; @@ -2008,6 +2010,13 @@ static EDealRes collectFuncs(SNode* pNode, void* pContext) { SCollectFuncsCxt* pCxt = (SCollectFuncsCxt*)pContext; if (QUERY_NODE_FUNCTION == nodeType(pNode) && pCxt->classifier(((SFunctionNode*)pNode)->funcId) && !(((SExprNode*)pNode)->orderAlias)) { + SFunctionNode* pFunc = (SFunctionNode*)pNode; + if (FUNCTION_TYPE_TBNAME == pFunc->funcType && pCxt->tableAlias) { + SValueNode* pVal = (SValueNode*)nodesListGetNode(pFunc->pParameterList, 0); + if (strcmp(pVal->literal, pCxt->tableAlias)) { + return DEAL_RES_CONTINUE; + } + } SExprNode* pExpr = (SExprNode*)pNode; if (NULL == taosHashGet(pCxt->pFuncsSet, &pExpr, sizeof(SExprNode*))) { pCxt->errCode = nodesListStrictAppend(pCxt->pFuncs, nodesCloneNode(pNode)); @@ -2030,13 +2039,14 @@ static int32_t funcNodeEqual(const void* pLeft, const void* pRight, size_t len) return nodesEqualNode(*(const SNode**)pLeft, *(const SNode**)pRight) ? 0 : 1; } -int32_t nodesCollectFuncs(SSelectStmt* pSelect, ESqlClause clause, FFuncClassifier classifier, SNodeList** pFuncs) { +int32_t nodesCollectFuncs(SSelectStmt* pSelect, ESqlClause clause, char* tableAlias, FFuncClassifier classifier, SNodeList** pFuncs) { if (NULL == pSelect || NULL == pFuncs) { return TSDB_CODE_FAILED; } SCollectFuncsCxt cxt = {.errCode = TSDB_CODE_SUCCESS, .classifier = classifier, + .tableAlias = tableAlias, .pFuncs = (NULL == *pFuncs ? nodesMakeList() : *pFuncs), .pFuncsSet = taosHashInit(4, funcNodeHash, false, false)}; if (NULL == cxt.pFuncs || NULL == cxt.pFuncsSet) { diff --git a/source/libs/planner/src/planLogicCreater.c b/source/libs/planner/src/planLogicCreater.c index ee551a2f38..6a8191e80b 100644 --- a/source/libs/planner/src/planLogicCreater.c +++ b/source/libs/planner/src/planLogicCreater.c @@ -374,16 +374,24 @@ static int32_t createScanLogicNode(SLogicPlanContext* pCxt, SSelectStmt* pSelect } if (TSDB_CODE_SUCCESS == code) { - code = nodesCollectFuncs(pSelect, SQL_CLAUSE_FROM, fmIsScanPseudoColumnFunc, &pScan->pScanPseudoCols); - } - - // rewrite the expression in subsequent clauses - if (TSDB_CODE_SUCCESS == code) { - code = rewriteExprsForSelect(pScan->pScanPseudoCols, pSelect, SQL_CLAUSE_FROM, NULL); + code = nodesCollectFuncs(pSelect, SQL_CLAUSE_FROM, pRealTable->table.tableAlias, fmIsScanPseudoColumnFunc, &pScan->pScanPseudoCols); } pScan->scanType = getScanType(pCxt, pScan->pScanPseudoCols, pScan->pScanCols, pScan->tableType, pSelect->tagScan); + // rewrite the expression in subsequent clauses + if (TSDB_CODE_SUCCESS == code) { + SNodeList* pNewScanPseudoCols = NULL; + code = rewriteExprsForSelect(pScan->pScanPseudoCols, pSelect, SQL_CLAUSE_FROM, NULL); + if (TSDB_CODE_SUCCESS == code && NULL != pScan->pScanPseudoCols) { + code = createColumnByRewriteExprs(pScan->pScanPseudoCols, &pNewScanPseudoCols); + if (TSDB_CODE_SUCCESS == code) { + nodesDestroyList(pScan->pScanPseudoCols); + pScan->pScanPseudoCols = pNewScanPseudoCols; + } + } + } + if (NULL != pScan->pScanCols) { pScan->hasNormalCols = true; } @@ -619,7 +627,7 @@ static int32_t createAggLogicNode(SLogicPlanContext* pCxt, SSelectStmt* pSelect, // set grouyp keys, agg funcs and having conditions if (TSDB_CODE_SUCCESS == code) { - code = nodesCollectFuncs(pSelect, SQL_CLAUSE_GROUP_BY, fmIsAggFunc, &pAgg->pAggFuncs); + code = nodesCollectFuncs(pSelect, SQL_CLAUSE_GROUP_BY, NULL, fmIsAggFunc, &pAgg->pAggFuncs); } // rewrite the expression in subsequent clauses @@ -690,7 +698,7 @@ static int32_t createIndefRowsFuncLogicNode(SLogicPlanContext* pCxt, SSelectStmt pIdfRowsFunc->node.resultDataOrder = pIdfRowsFunc->node.requireDataOrder; // indefinite rows functions and _select_values functions - int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_SELECT, fmIsVectorFunc, &pIdfRowsFunc->pFuncs); + int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_SELECT, NULL, fmIsVectorFunc, &pIdfRowsFunc->pFuncs); if (TSDB_CODE_SUCCESS == code) { code = rewriteExprsForSelect(pIdfRowsFunc->pFuncs, pSelect, SQL_CLAUSE_SELECT, NULL); } @@ -728,7 +736,7 @@ static int32_t createInterpFuncLogicNode(SLogicPlanContext* pCxt, SSelectStmt* p pInterpFunc->node.resultDataOrder = pInterpFunc->node.requireDataOrder; // interp functions and _group_key functions - int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_SELECT, isInterpFunc, &pInterpFunc->pFuncs); + int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_SELECT, NULL, isInterpFunc, &pInterpFunc->pFuncs); if (TSDB_CODE_SUCCESS == code) { code = rewriteExprsForSelect(pInterpFunc->pFuncs, pSelect, SQL_CLAUSE_SELECT, NULL); } @@ -774,7 +782,7 @@ static int32_t createWindowLogicNodeFinalize(SLogicPlanContext* pCxt, SSelectStm pWindow->node.inputTsOrder = ORDER_ASC; pWindow->node.outputTsOrder = ORDER_ASC; - int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_WINDOW, fmIsWindowClauseFunc, &pWindow->pFuncs); + int32_t code = nodesCollectFuncs(pSelect, SQL_CLAUSE_WINDOW, NULL, fmIsWindowClauseFunc, &pWindow->pFuncs); if (TSDB_CODE_SUCCESS == code) { code = rewriteExprsForSelect(pWindow->pFuncs, pSelect, SQL_CLAUSE_WINDOW, NULL); } diff --git a/source/libs/planner/src/planUtil.c b/source/libs/planner/src/planUtil.c index 7002a590a0..d94797053f 100644 --- a/source/libs/planner/src/planUtil.c +++ b/source/libs/planner/src/planUtil.c @@ -65,6 +65,14 @@ static EDealRes doCreateColumn(SNode* pNode, void* pContext) { } pCol->node.resType = pExpr->resType; strcpy(pCol->colName, pExpr->aliasName); + if (QUERY_NODE_FUNCTION == nodeType(pNode)) { + SFunctionNode* pFunc = (SFunctionNode*)pNode; + if (pFunc->funcType == FUNCTION_TYPE_TBNAME) { + SValueNode* pVal = (SValueNode*)nodesListGetNode(pFunc->pParameterList, 0); + strcpy(pCol->tableAlias, pVal->literal); + strcpy(pCol->tableName, pVal->literal); + } + } return (TSDB_CODE_SUCCESS == nodesListStrictAppend(pCxt->pList, (SNode*)pCol) ? DEAL_RES_IGNORE_CHILD : DEAL_RES_ERROR); } diff --git a/source/libs/qworker/src/qwUtil.c b/source/libs/qworker/src/qwUtil.c index 4c54c3548d..2ce920a9d2 100644 --- a/source/libs/qworker/src/qwUtil.c +++ b/source/libs/qworker/src/qwUtil.c @@ -314,6 +314,7 @@ void qwFreeTaskCtx(SQWTaskCtx *ctx) { } taosArrayDestroy(ctx->tbInfo); + ctx->tbInfo = NULL; } int32_t qwDropTaskCtx(QW_FPARAMS_DEF) {