From a43544ea266eab6a2e9321fffb663e1a647cd275 Mon Sep 17 00:00:00 2001 From: Shengliang Guan Date: Tue, 30 Jun 2020 14:31:06 +0000 Subject: [PATCH] invalid read while auto create table --- src/inc/taoserror.h | 1 + src/mnode/src/mnodeTable.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/inc/taoserror.h b/src/inc/taoserror.h index 33e0aa24b6..4a7d86c434 100644 --- a/src/inc/taoserror.h +++ b/src/inc/taoserror.h @@ -153,6 +153,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_MND_TAG_ALREAY_EXIST, 0, 0x0369, "mnode tag TAOS_DEFINE_ERROR(TSDB_CODE_MND_TAG_NOT_EXIST, 0, 0x036A, "mnode tag not exist") TAOS_DEFINE_ERROR(TSDB_CODE_MND_FIELD_ALREAY_EXIST, 0, 0x036B, "mnode field already exist") TAOS_DEFINE_ERROR(TSDB_CODE_MND_FIELD_NOT_EXIST, 0, 0x036C, "mnode field not exist") +TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_STABLE_NAME, 0, 0x036D, "mnode invalid stable name") TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_NOT_SELECTED, 0, 0x0380, "mnode db not selected") TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_ALREADY_EXIST, 0, 0x0381, "mnode database aleady exist") diff --git a/src/mnode/src/mnodeTable.c b/src/mnode/src/mnodeTable.c index 65900a60db..23b62f1aa3 100644 --- a/src/mnode/src/mnodeTable.c +++ b/src/mnode/src/mnodeTable.c @@ -1964,9 +1964,15 @@ static int32_t mnodeDoGetChildTableMeta(SMnodeMsg *pMsg, STableMetaMsg *pMeta) { static int32_t mnodeAutoCreateChildTable(SMnodeMsg *pMsg) { SCMTableInfoMsg *pInfo = pMsg->rpcMsg.pCont; - STagData *pTag = (STagData *)pInfo->tags; + STagData *pTags = (STagData *)pInfo->tags; + int32_t tagLen = htonl(pTags->dataLen); + if (pTags->name[0] == 0) { + mError("app:%p:%p, table:%s, failed to create table on demand for stable is empty, tagLen:%d", pMsg->rpcMsg.ahandle, + pMsg, pInfo->tableId, tagLen); + return TSDB_CODE_MND_INVALID_STABLE_NAME; + } - int32_t contLen = sizeof(SCMCreateTableMsg) + offsetof(STagData, data) + htonl(pTag->dataLen); + int32_t contLen = sizeof(SCMCreateTableMsg) + offsetof(STagData, data) + tagLen; SCMCreateTableMsg *pCreateMsg = rpcMallocCont(contLen); if (pCreateMsg == NULL) { mError("app:%p:%p, table:%s, failed to create table while get meta info, no enough memory", pMsg->rpcMsg.ahandle, @@ -1981,9 +1987,9 @@ static int32_t mnodeAutoCreateChildTable(SMnodeMsg *pMsg) { pCreateMsg->getMeta = 1; pCreateMsg->contLen = htonl(contLen); - memcpy(pCreateMsg->schema, pInfo->tags, contLen - sizeof(SCMCreateTableMsg)); - mDebug("app:%p:%p, table:%s, start to create on demand, stable:%s", pMsg->rpcMsg.ahandle, pMsg, pInfo->tableId, - ((STagData *)(pCreateMsg->schema))->name); + memcpy(pCreateMsg->schema, pTags, contLen); + mDebug("app:%p:%p, table:%s, start to create on demand, tagLen:%d stable:%s", + pMsg->rpcMsg.ahandle, pMsg, pInfo->tableId, tagLen, pTags->name); rpcFreeCont(pMsg->rpcMsg.pCont); pMsg->rpcMsg.msgType = TSDB_MSG_TYPE_CM_CREATE_TABLE; -- GitLab