提交 4be7a595 编写于 作者: H Haojun Liao

[td-225] fix invalid read in taocache

上级 cf840735
...@@ -47,7 +47,7 @@ typedef struct SCacheDataNode { ...@@ -47,7 +47,7 @@ typedef struct SCacheDataNode {
typedef struct STrashElem { typedef struct STrashElem {
struct STrashElem *prev; struct STrashElem *prev;
struct STrashElem *next; struct STrashElem *next;
SCacheDataNode * pData; SCacheDataNode *pData;
} STrashElem; } STrashElem;
typedef struct { typedef struct {
......
...@@ -529,7 +529,7 @@ void taosHashTableResize(SHashObj *pHashObj) { ...@@ -529,7 +529,7 @@ void taosHashTableResize(SHashObj *pHashObj) {
} }
SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, size_t dsize, uint32_t hashVal) { SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, size_t dsize, uint32_t hashVal) {
size_t totalSize = dsize + sizeof(SHashNode) + keyLen + 1; // one extra byte for null size_t totalSize = dsize + sizeof(SHashNode) + keyLen;
SHashNode *pNewNode = calloc(1, totalSize); SHashNode *pNewNode = calloc(1, totalSize);
if (pNewNode == NULL) { if (pNewNode == NULL) {
...@@ -544,7 +544,6 @@ SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, s ...@@ -544,7 +544,6 @@ SHashNode *doCreateHashNode(const void *key, size_t keyLen, const void *pData, s
pNewNode->keyLen = keyLen; pNewNode->keyLen = keyLen;
pNewNode->hashVal = hashVal; pNewNode->hashVal = hashVal;
return pNewNode; return pNewNode;
} }
...@@ -559,7 +558,6 @@ SHashNode *doUpdateHashNode(SHashNode *pNode, const void *key, size_t keyLen, co ...@@ -559,7 +558,6 @@ SHashNode *doUpdateHashNode(SHashNode *pNode, const void *key, size_t keyLen, co
memcpy(pNewNode->data, pData, dsize); memcpy(pNewNode->data, pData, dsize);
pNewNode->key = pNewNode->data + dsize; pNewNode->key = pNewNode->data + dsize;
assert(memcmp(pNewNode->key, key, keyLen) == 0 && keyLen == pNewNode->keyLen); assert(memcmp(pNewNode->key, key, keyLen) == 0 && keyLen == pNewNode->keyLen);
memcpy(pNewNode->key, key, keyLen); memcpy(pNewNode->key, key, keyLen);
......
...@@ -77,7 +77,7 @@ static FORCE_INLINE void taosFreeNode(void *data) { ...@@ -77,7 +77,7 @@ static FORCE_INLINE void taosFreeNode(void *data) {
* @param lifespan total survial expiredTime from now * @param lifespan total survial expiredTime from now
* @return SCacheDataNode * @return SCacheDataNode
*/ */
static SCacheDataNode *taosCreateHashNode(const char *key, size_t keyLen, const char *pData, size_t size, static SCacheDataNode *taosCreateCacheNode(const char *key, size_t keyLen, const char *pData, size_t size,
uint64_t duration) { uint64_t duration) {
size_t totalSize = size + sizeof(SCacheDataNode) + keyLen + 1; size_t totalSize = size + sizeof(SCacheDataNode) + keyLen + 1;
...@@ -242,13 +242,14 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode ...@@ -242,13 +242,14 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode
// only a node is not referenced by any other object, in-place update it // only a node is not referenced by any other object, in-place update it
if (T_REF_VAL_GET(pNode) == 0) { if (T_REF_VAL_GET(pNode) == 0) {
size_t newSize = sizeof(SCacheDataNode) + dataSize + keyLen; size_t newSize = sizeof(SCacheDataNode) + dataSize + keyLen + 1;
pNewNode = (SCacheDataNode *)realloc(pNode, newSize); pNewNode = (SCacheDataNode *)realloc(pNode, newSize);
if (pNewNode == NULL) { if (pNewNode == NULL) {
return NULL; return NULL;
} }
memset(pNewNode, 0, newSize);
pNewNode->signature = (uint64_t)pNewNode; pNewNode->signature = (uint64_t)pNewNode;
memcpy(pNewNode->data, pData, dataSize); memcpy(pNewNode->data, pData, dataSize);
...@@ -267,7 +268,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode ...@@ -267,7 +268,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode
} else { } else {
taosCacheMoveToTrash(pCacheObj, pNode); taosCacheMoveToTrash(pCacheObj, pNode);
pNewNode = taosCreateHashNode(key, keyLen, pData, dataSize, duration); pNewNode = taosCreateCacheNode(key, keyLen, pData, dataSize, duration);
if (pNewNode == NULL) { if (pNewNode == NULL) {
return NULL; return NULL;
} }
...@@ -293,7 +294,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode ...@@ -293,7 +294,7 @@ static SCacheDataNode *taosUpdateCacheImpl(SCacheObj *pCacheObj, SCacheDataNode
*/ */
static FORCE_INLINE SCacheDataNode *taosAddToCacheImpl(SCacheObj *pCacheObj, const char *key, size_t keyLen, const void *pData, static FORCE_INLINE SCacheDataNode *taosAddToCacheImpl(SCacheObj *pCacheObj, const char *key, size_t keyLen, const void *pData,
size_t dataSize, uint64_t duration) { size_t dataSize, uint64_t duration) {
SCacheDataNode *pNode = taosCreateHashNode(key, keyLen, pData, dataSize, duration); SCacheDataNode *pNode = taosCreateCacheNode(key, keyLen, pData, dataSize, duration);
if (pNode == NULL) { if (pNode == NULL) {
return NULL; return NULL;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册