Merge pull request #13764 from taosdata/fix/invalidIdx

fix: invalid read/write

source/dnode/vnode/src/meta/metaQuery.c

@@ -663,12 +663,23 @@ int32_t metaFilteTableIds(SMeta *pMeta, SMetaFltParam *param, SArray *pUids) {
 
   void *  entryKey = NULL, *entryVal = NULL;
   int32_t nEntryKey, nEntryVal;
+  bool    first = true;
   while (1) {
     valid = tdbTbcGet(pCursor->pCur, (const void **)&entryKey, &nEntryKey, (const void **)&entryVal, &nEntryVal);
     if (valid < 0) {
       break;
     }
     STagIdxKey *p = entryKey;
+    if (p->type != pCursor->type) {
+      if (first) {
+        valid = param->reverse ? tdbTbcMoveToPrev(pCursor->pCur) : tdbTbcMoveToNext(pCursor->pCur);
+        if (valid < 0) break;
+        continue;
+      } else {
+        break;
+      }
+    }
+    first = false;
     if (p != NULL) {
       int32_t cmp = (*param->filterFunc)(p->data, pKey->data, pKey->type);
       if (cmp == 0) {

source/libs/index/src/indexFilter.c

@@ -97,7 +97,14 @@ static int32_t sifGetOperParamNum(EOperatorType ty) {
   }
   return 2;
 }
-static int32_t sifValidateColumn(SColumnNode *cn) {
+static int32_t sifValidOp(EOperatorType ty) {
+  if ((ty >= OP_TYPE_ADD && ty <= OP_TYPE_BIT_OR) || (ty == OP_TYPE_IN || ty == OP_TYPE_NOT_IN) ||
+      (ty == OP_TYPE_LIKE || ty == OP_TYPE_NOT_LIKE || ty == OP_TYPE_MATCH || ty == OP_TYPE_NMATCH)) {
+    return -1;
+  }
+  return 0;
+}
+static int32_t sifValidColumn(SColumnNode *cn) {
   // add more check
   if (cn == NULL) {
     return TSDB_CODE_QRY_INVALID_INPUT;
@@ -176,6 +183,7 @@ static int32_t sifInitJsonParam(SNode *node, SIFParam *param, SIFCtx *ctx) {
   memcpy(param->colName, r->literal, strlen(r->literal));
   // sprintf(param->colName, "%s_%s", l->colName, r->literal);
   param->colValType = r->typeData;
+  param->status = SFLT_COARSE_INDEX;
   return 0;
   // memcpy(param->colName, l->colName, sizeof(l->colName));
 }
@@ -197,7 +205,7 @@ static int32_t sifInitParam(SNode *node, SIFParam *param, SIFCtx *ctx) {
     case QUERY_NODE_COLUMN: {
       SColumnNode *cn = (SColumnNode *)node;
       /*only support tag column*/
-      SIF_ERR_RET(sifValidateColumn(cn));
+      SIF_ERR_RET(sifValidColumn(cn));
 
       param->colId = cn->colId;
       param->colValType = cn->node.resType.type;
@@ -247,11 +255,13 @@ static int32_t sifInitOperParams(SIFParam **params, SOperatorNode *node, SIFCtx
     return code;
   }
   SIFParam *paramList = taosMemoryCalloc(nParam, sizeof(SIFParam));
+
   if (NULL == paramList) {
     SIF_ERR_RET(TSDB_CODE_QRY_OUT_OF_MEMORY);
   }
 
-  if (nodeType(node->pLeft) == QUERY_NODE_OPERATOR) {
+  if (nodeType(node->pLeft) == QUERY_NODE_OPERATOR &&
+      (((SOperatorNode *)(node->pLeft))->opType == OP_TYPE_JSON_GET_VALUE)) {
     SNode *interNode = (node->pLeft);
     SIF_ERR_JRET(sifInitJsonParam(interNode, &paramList[0], ctx));
     if (nParam > 1) {
@@ -505,6 +515,11 @@ static int32_t sifGetOperFn(int32_t funcId, sif_func_t *func, SIdxFltStatus *sta
 
 static int32_t sifExecOper(SOperatorNode *node, SIFCtx *ctx, SIFParam *output) {
   int32_t code = 0;
+  if (sifValidOp(node->opType) < 0) {
+    output->status = SFLT_NOT_INDEX;
+    return code;
+  }
+
   int32_t nParam = sifGetOperParamNum(node->opType);
   if (nParam <= 1) {
     output->status = SFLT_NOT_INDEX;
@@ -513,9 +528,15 @@ static int32_t sifExecOper(SOperatorNode *node, SIFCtx *ctx, SIFParam *output) {
   if (node->opType == OP_TYPE_JSON_GET_VALUE) {
     return code;
   }
-  SIFParam *params = NULL;
 
+  SIFParam *params = NULL;
   SIF_ERR_RET(sifInitOperParams(&params, node, ctx));
+
+  if (params[0].status == SFLT_NOT_INDEX || (nParam > 1 && params[1].status == SFLT_NOT_INDEX)) {
+    output->status = SFLT_NOT_INDEX;
+    return code;
+  }
+
   // ugly code, refactor later
   output->arg = ctx->arg;
   sif_func_t operFn = sifNullFunc;

tests/script/tsim/stable/tag_filter.sim

@@ -73,5 +73,80 @@ if $rows != 6 then
 endi
 
 
+print ========== prepare stbBin and ctbBin
+sql create table db.stbBin (ts timestamp, c1 int, c2 binary(4)) tags(t1 binary(16))
 
+
+sql create table db.ctbBin using db.stbBin tags("a")
+sql insert into db.ctbBin values(now, 1, "2")
+
+sql create table db.ctbBin1 using db.stbBin tags("b")
+sql insert into db.ctbBin1 values(now, 2, "2")
+
+sql create table db.ctbBin2 using db.stbBin tags("c")
+sql insert into db.ctbBin2 values(now, 3, "2")
+
+sql create table db.ctbBin3 using db.stbBin tags("d")
+sql insert into db.ctbBin3 values(now, 4, "2")
+
+sql select * from db.stbBin where t1 = "a" 
+if $rows != 1 then 
+  return -1
+endi
+
+
+sql select * from db.stbBin where t1 < "a" 
+if $rows != 0 then 
+  return -=1
+endi
+
+sql select * from db.stbBin where t1 < "b" 
+if $rows != 1 then 
+  return -1
+endi
+
+
+sql select * from db.stbBin where t1 between "a" and "e" 
+if $rows != 4 then 
+  return -1
+endi
+
+
+print ========== prepare stbNc and ctbNc
+sql create table db.stbNc (ts timestamp, c1 int, c2 binary(4)) tags(t1 nchar(16))
+
+
+sql create table db.ctbNc using db.stbNc tags("a")
+sql insert into db.ctbNc values(now, 1, "2")
+
+sql create table db.ctbNc1 using db.stbNc tags("b")
+sql insert into db.ctbNc1 values(now, 2, "2")
+
+sql create table db.ctbNc2 using db.stbNc tags("c")
+sql insert into db.ctbNc2 values(now, 3, "2")
+
+sql create table db.ctbNc3 using db.stbNc tags("d")
+sql insert into db.ctbNc3 values(now, 4, "2")
+
+sql select * from db.stbNc where t1 = "a" 
+if $rows != 1 then 
+  return -1
+endi
+
+
+sql select * from db.stbNc where t1 < "a" 
+if $rows != 0 then 
+  return -=1
+endi
+
+sql select * from db.stbNc where t1 < "b" 
+if $rows != 1 then 
+  return -1
+endi
+
+
+sql select * from db.stbNc where t1 between "a" and "e" 
+if $rows != 4 then 
+  return -1
+endi
 system sh/exec.sh -n dnode1 -s stop -x SIGINT