From f7c6347c50e95133ce621db0039feede2adfaade Mon Sep 17 00:00:00 2001 From: Shuduo Sang Date: Wed, 30 Jun 2021 21:35:26 +0800 Subject: [PATCH] Hotfix/sangshuduo/td 4918 taosdemo sub afterconsume for develop (#6689) * [TD-4918]: taosdemo subscribe endAfterResume. * fix heap use-after-free issue. Co-authored-by: Shuduo Sang --- src/client/src/tscServer.c | 2 +- src/kit/taosdemo/taosdemo.c | 8 +++++--- src/mnode/src/mnodeTable.c | 4 +++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index 7fc47947c8..8181898ec7 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -484,8 +484,8 @@ void tscProcessMsgFromServer(SRpcMsg *rpcMsg, SRpcEpSet *pEpSet) { } if (shouldFree) { // in case of table-meta/vgrouplist query, automatically free it - taosRemoveRef(tscObjRef, handle); tscDebug("0x%"PRIx64" sqlObj is automatically freed", pSql->self); + taosRemoveRef(tscObjRef, handle); } taosReleaseRef(tscObjRef, handle); diff --git a/src/kit/taosdemo/taosdemo.c b/src/kit/taosdemo/taosdemo.c index f6dc6d9c79..93fac54233 100644 --- a/src/kit/taosdemo/taosdemo.c +++ b/src/kit/taosdemo/taosdemo.c @@ -636,6 +636,9 @@ static FILE * g_fpOfInsertResult = NULL; #define errorPrint(fmt, ...) \ do { fprintf(stderr, "ERROR: "fmt, __VA_ARGS__); } while(0) +// for strncpy buffer overflow +#define min(a, b) (((a) < (b)) ? (a) : (b)) + /////////////////////////////////////////////////// @@ -2574,7 +2577,7 @@ static int getSuperTableFromServer(TAOS * taos, char* dbName, fields[TSDB_DESCRIBE_METRIC_FIELD_INDEX].bytes); tstrncpy(superTbls->tags[tagIndex].dataType, (char *)row[TSDB_DESCRIBE_METRIC_TYPE_INDEX], - fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes); + min(15, fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes)); superTbls->tags[tagIndex].dataLen = *((int *)row[TSDB_DESCRIBE_METRIC_LENGTH_INDEX]); tstrncpy(superTbls->tags[tagIndex].note, @@ -2587,7 +2590,7 @@ static int getSuperTableFromServer(TAOS * taos, char* dbName, fields[TSDB_DESCRIBE_METRIC_FIELD_INDEX].bytes); tstrncpy(superTbls->columns[columnIndex].dataType, (char *)row[TSDB_DESCRIBE_METRIC_TYPE_INDEX], - fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes); + min(15, fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes)); superTbls->columns[columnIndex].dataLen = *((int *)row[TSDB_DESCRIBE_METRIC_LENGTH_INDEX]); tstrncpy(superTbls->columns[columnIndex].note, @@ -7472,7 +7475,6 @@ static void *specifiedSubscribe(void *sarg) { } } taos_free_result(g_queryInfo.specifiedQueryInfo.res[pThreadInfo->threadID]); - taos_unsubscribe(g_queryInfo.specifiedQueryInfo.tsub[pThreadInfo->querySeq], 0); taos_close(pThreadInfo->taos); return NULL; diff --git a/src/mnode/src/mnodeTable.c b/src/mnode/src/mnodeTable.c index 6c96f1f0d2..189c4b6005 100644 --- a/src/mnode/src/mnodeTable.c +++ b/src/mnode/src/mnodeTable.c @@ -2075,7 +2075,9 @@ static int32_t mnodeDoCreateChildTable(SMnodeMsg *pMsg, int32_t tid) { } else { if (pTable->info.type == TSDB_SUPER_TABLE) { int64_t us = taosGetTimestampUs(); - pTable->uid = (us << 24) + ((sdbGetVersion() & ((1ul << 16) - 1ul)) << 8) + (taosRand() & ((1ul << 8) - 1ul)); + uint64_t x = (us&0x000000FFFFFFFFFF); + x = x<<24; + pTable->uid = x + ((sdbGetVersion() & ((1ul << 16) - 1ul)) << 8) + (taosRand() & ((1ul << 8) - 1ul)); } else { pTable->uid = (((uint64_t)pTable->vgId) << 48) + ((((uint64_t)pTable->tid) & ((1ul << 24) - 1ul)) << 24) + ((sdbGetVersion() & ((1ul << 16) - 1ul)) << 8) + (taosRand() & ((1ul << 8) - 1ul)); -- GitLab