From 4be7a595bb0138ec5cfdd858b0dc5604234234f9 Mon Sep 17 00:00:00 2001 From: Haojun Liao Date: Tue, 2 Jun 2020 00:38:46 +0800 Subject: [PATCH] [td-225] fix invalid read in taocache --- src/util/inc/tcache.h | 2 +- src/util/src/hash.c | 4 +--- src/util/src/tcache.c | 9 +++++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/src/util/inc/tcache.h b/src/util/inc/tcache.h index 6dd707b763..6a22bdea6a 100644 --- a/src/util/inc/tcache.h +++ b/src/util/inc/tcache.h @@ -47,7 +47,7 @@ typedef struct SCacheDataNode { typedef struct STrashElem { struct STrashElem *prev; struct STrashElem *next; - SCacheDataNode * pData; + SCacheDataNode *pData; } STrashElem; typedef struct { diff --git a/src/util/src/hash.c b/src/util/src/hash.c index 93b8e30f1e..95d0ce7081 100644 --- a/src/util/src/hash.c +++ b/src/util/src/hash.c @@ -529,7 +529,7 @@ void taosHashTableResize(SHashObj *pHashObj) { } SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, size_t dsize, uint32_t hashVal) { - size_t totalSize = dsize + sizeof(SHashNode) + keyLen + 1; // one extra byte for null + size_t totalSize = dsize + sizeof(SHashNode) + keyLen; SHashNode *pNewNode = calloc(1, totalSize); if (pNewNode == NULL) { @@ -544,7 +544,6 @@ SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, s pNewNode->keyLen = keyLen; pNewNode->hashVal = hashVal; - return pNewNode; } @@ -559,7 +558,6 @@ SHashNode *doUpdateHashNode(SHashNode *pNode, const void *key, size_t keyLen, co memcpy(pNewNode->data, pData, dsize); pNewNode->key = pNewNode->data + dsize; - assert(memcmp(pNewNode->key, key, keyLen) == 0 && keyLen == pNewNode->keyLen); memcpy(pNewNode->key, key, keyLen); diff --git a/src/util/src/tcache.c b/src/util/src/tcache.c index 2641d2eacb..82873f9906 100644 --- a/src/util/src/tcache.c +++ b/src/util/src/tcache.c 
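Review bot: With the `+ 1` dropped from `totalSize` in doCreateHashNode, the stored key is exactly `keyLen` raw bytes with no terminator, so any reader that still passes `pNode->key` to `strlen`, `strcmp` or a `%s` format would run past the allocation. Those readers are not visible in this hunk and should be checked. A comment on the size line would record the contract, e.g. `// key is keyLen raw bytes, NOT NUL-terminated; always compare using keyLen`. The sum `dsize + sizeof(SHashNode) + keyLen` is also unchecked, so if either length can be influenced from outside the process, a wrapped `size_t` would under-allocate before the copies that presumably follow. The function body continues outside the hunk.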
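Review bot: The `assert(memcmp(pNewNode->key, key, keyLen) == 0 && keyLen == pNewNode->keyLen)` in doUpdateHashNode runs right after `pNewNode->key` is re-pointed to `pNewNode->data + dsize` and before the key is copied there, so it compares against whatever bytes sit at that offset, not against the stored key. The collapsed layout does not make clear whether this hunk removes the assert or only a blank line. If the assert stays, it can fire spuriously in debug builds whenever `dsize` differs from the old data size, and it reads bytes that may not have been written since the reallocation (which is outside the hunk). Keeping only the length invariant, `assert(keyLen == pNewNode->keyLen);`, ahead of the `memcpy` would keep the useful check without the read. The function starts and ends outside the hunk.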
@@ -77,7 +77,7 @@ static FORCE_INLINE void taosFreeNode(void *data) { * @param lifespan total survial expiredTime from now * @return SCacheDataNode */ -static SCacheDataNode *taosCreateHashNode(const char *key, size_t keyLen, const char *pData, size_t size, +static SCacheDataNode *taosCreateCacheNode(const char *key, size_t keyLen, const char *pData, size_t size, uint64_t duration) { size_t totalSize = size + sizeof(SCacheDataNode) + keyLen + 1; @@ -242,13 +242,14 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode // only a node is not referenced by any other object, in-place update it if (T_REF_VAL_GET(pNode) == 0) { - size_t newSize = sizeof(SCacheDataNode) + dataSize + keyLen; + size_t newSize = sizeof(SCacheDataNode) + dataSize + keyLen + 1; pNewNode = (SCacheDataNode *)realloc(pNode, newSize); if (pNewNode == NULL) { return NULL; } + memset(pNewNode, 0, newSize); pNewNode->signature = (uint64_t)pNewNode; memcpy(pNewNode->data, pData, dataSize); @@ -267,7 +268,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode } else { taosCacheMoveToTrash(pCacheObj, pNode); - pNewNode = taosCreateHashNode(key, keyLen, pData, dataSize, duration); + pNewNode = taosCreateCacheNode(key, keyLen, pData, dataSize, duration); if (pNewNode == NULL) { return NULL; } @@ -293,7 +294,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode */ static FORCE_INLINE SCacheDataNode *taosAddToCacheImpl(SCacheObj *pCacheObj, const char *key, size_t keyLen, const void *pData, size_t dataSize, uint64_t duration) { - SCacheDataNode *pNode = taosCreateHashNode(key, keyLen, pData, dataSize, duration); + SCacheDataNode *pNode = taosCreateCacheNode(key, keyLen, pData, dataSize, duration); if (pNode == NULL) { return NULL; } -- GitLab
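Review bot: The added `memset(pNewNode, 0, newSize)` in taosUpdateCacheImpl clears the entire reallocated node, not just the new tail, so every header field the old node carried is zero from this point on. Only `signature` and `data` are visibly restored in the hunk; the rest of the in-place branch continues outside it and has to reassign everything else. If any field is meant to survive an in-place update, zero only the payload region instead, e.g. `memset(pNewNode->data, 0, dataSize + keyLen + 1);`. The size formula now agrees with the `size + sizeof(SCacheDataNode) + keyLen + 1` in taosCreateCacheNode, but it is still written out in two places, which is how the two drifted apart; a single helper or macro for the node size would keep the allocation and the reallocation in step.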