From 95f5d7695dfbcad9be3b168e0443d2eb2613c45c Mon Sep 17 00:00:00 2001
From: wangmm0220
Date: Wed, 29 Jun 2022 18:05:09 +0800
Subject: [PATCH] fix:core dump in top/bottom with group by tag if tag is big size and flush/get from disk with page buffer & fix _group_by key function heap overflow
---
 source/libs/function/src/builtinsimpl.c | 10 ++++++----
 source/util/src/tpagedbuf.c | 4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/source/libs/function/src/builtinsimpl.c b/source/libs/function/src/builtinsimpl.c
index 91ceb067c5..ef0e640885 100644
--- a/source/libs/function/src/builtinsimpl.c
+++ b/source/libs/function/src/builtinsimpl.c
@@ -3148,7 +3148,7 @@ void copyTupleData(SqlFunctionCtx* pCtx, int32_t rowIndex, const SSDataBlock* pS
 int32_t topBotFinalize(SqlFunctionCtx* pCtx, SSDataBlock* pBlock) {
 SResultRowEntryInfo* pEntryInfo = GET_RES_INFO(pCtx);
- STopBotRes* pRes = GET_ROWCELL_INTERBUF(pEntryInfo);
+ STopBotRes* pRes = getTopBotOutputInfo(pCtx);
 int16_t type = pCtx->input.pData[0]->info.type;
 int32_t slotId = pCtx->pExpr->base.resSchema.slotId;
@@ -5382,8 +5382,6 @@ int32_t groupKeyFunction(SqlFunctionCtx* pCtx) {
 SInputColumnInfoData* pInput = &pCtx->input;
 SColumnInfoData* pInputCol = pInput->pData[0];
- int32_t bytes = pInputCol->info.bytes;
-
 int32_t startIndex = pInput->startRowIndex;
 //escape rest of data blocks to avoid first entry be overwritten.
@@ -5398,7 +5396,11 @@ int32_t groupKeyFunction(SqlFunctionCtx* pCtx) {
 }
 char* data = colDataGetData(pInputCol, startIndex);
- memcpy(pInfo->data, data, bytes);
+ if (IS_VAR_DATA_TYPE(pInputCol->info.type)) {
+ memcpy(pInfo->data, data, (pInputCol->info.type == TSDB_DATA_TYPE_JSON) ? getJsonValueLen(data): varDataTLen(data));
+ } else {
+ memcpy(pInfo->data, data, pInputCol->info.bytes);
+ }
 pInfo->hasResult = true;
 _group_key_over:
diff --git a/source/util/src/tpagedbuf.c b/source/util/src/tpagedbuf.c
index 985fa5693f..53cbd08c24 100644
--- a/source/util/src/tpagedbuf.c
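Review bot: In the variable-length branch added to groupKeyFunction, the memcpy length comes from the value itself (`getJsonValueLen(data)` or `varDataTLen(data)`), and nothing in the hunk bounds it by the capacity of `pInfo->data`. If that buffer is sized from `pInputCol->info.bytes` (its allocation is not visible here), a length header larger than the declared column width would overrun the destination, swapping the oversized fixed-length copy this commit removes for a write past the end. Compute the length once into a local, compare it against the destination capacity with a check such as `if (len > pInputCol->info.bytes)` that takes the function's error path, and only then copy. A short comment saying how `pInfo->data` is sized and whether the copied length includes the var-data header would make the invariant checkable. The function body starts and ends outside the hunk.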
+++ b/source/util/src/tpagedbuf.c
@@ -193,7 +193,7 @@ static char* doFlushPageToDisk(SDiskbasedBuf* pBuf, SPageInfo* pg) {
 char* pDataBuf = pg->pData;
 memset(pDataBuf, 0, getAllocPageSize(pBuf->pageSize));
-
+ uDebug("page_flush %p, pageId:%d, offset:%d", pDataBuf, pg->pageId, pg->offset);
 pg->length = size; // on disk size
 return pDataBuf;
 }
@@ -440,7 +440,7 @@ void* getNewBufPage(SDiskbasedBuf* pBuf, int32_t groupId, int32_t* pageId) {
 }
 ((void**)pi->pData)[0] = pi;
- uDebug("page_getNewBufPage pageId:%d, offset:%"PRId64, pi->pageId, pi->offset);
+ uDebug("page_getNewBufPage , pi->pData:%p, pageId:%d, offset:%"PRId64, pi->pData, pi->pageId, pi->offset);
 return (void*)(GET_DATA_PAYLOAD(pi));
 }
-- GitLab
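Review bot: The new `page_flush` log line in doFlushPageToDisk prints `pg->offset` with `%d`, while the getNewBufPage hunk prints `pi->offset` with `%"PRId64`. If `pg` and `pi` are the same page-info type (the declarations are outside the diff) and uDebug forwards to a printf-style formatter, the `%d` is a format/argument mismatch and therefore undefined behaviour. The line should read `uDebug("page_flush %p, pageId:%d, offset:%"PRId64, pDataBuf, pg->pageId, pg->offset);`. Both new messages also write raw heap addresses (`%p`) into the debug log, so confirm those logs are not collected anywhere an address disclosure would matter, or drop the pointer once the crash is diagnosed.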