From fb49fd40cddccccf4a3a3933a173ffcf9302d028 Mon Sep 17 00:00:00 2001 From: Haojun Liao Date: Thu, 14 Jul 2022 10:44:35 +0800 Subject: [PATCH] fix(query):fix invalid write in sample query processing. --- source/libs/function/src/builtinsimpl.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/source/libs/function/src/builtinsimpl.c b/source/libs/function/src/builtinsimpl.c index e622c0c1af..97cb1f0ee1 100644 --- a/source/libs/function/src/builtinsimpl.c +++ b/source/libs/function/src/builtinsimpl.c @@ -3461,9 +3461,16 @@ void doAddIntoResult(SqlFunctionCtx* pCtx, void* pData, int32_t rowIndex, SSData } } +/* + * +------------------------------------+--------------+--------------+ + * | null bitmap | | | + * |(n columns, one bit for each column)| src column #1| src column #2| + * +------------------------------------+--------------+--------------+ + */ void saveTupleData(SqlFunctionCtx* pCtx, int32_t rowIndex, const SSDataBlock* pSrcBlock, STuplePos* pPos) { SFilePage* pPage = NULL; + // todo refactor: move away int32_t completeRowSize = pCtx->subsidiaries.num * sizeof(bool); for (int32_t j = 0; j < pCtx->subsidiaries.num; ++j) { SqlFunctionCtx* pc = pCtx->subsidiaries.pCtx[j]; @@ -3476,12 +3483,15 @@ void saveTupleData(SqlFunctionCtx* pCtx, int32_t rowIndex, const SSDataBlock* pS } else { pPage = getBufPage(pCtx->pBuf, pCtx->curBufPage); if (pPage->num + completeRowSize > getBufPageSize(pCtx->pBuf)) { + // current page is all used, let's prepare a new buffer page + releaseBufPage(pCtx->pBuf, pPage); pPage = getNewBufPage(pCtx->pBuf, 0, &pCtx->curBufPage); pPage->num = sizeof(SFilePage); } } pPos->pageId = pCtx->curBufPage; + pPos->offset = pPage->num; // keep the current row data, extract method int32_t offset = 0; @@ -3509,7 +3519,6 @@ void saveTupleData(SqlFunctionCtx* pCtx, int32_t rowIndex, const SSDataBlock* pS offset += pCol->info.bytes; } - pPos->offset = pPage->num; pPage->num += completeRowSize; setBufPageDirty(pPage, true); @@ -4839,7 +4848,7 @@ static void doReservoirSample(SqlFunctionCtx* pCtx, SSampleInfo* pInfo, char* da if (pInfo->numSampled < pInfo->samples) { sampleAssignResult(pInfo, data, pInfo->numSampled); if (pCtx->subsidiaries.num > 0) { - saveTupleData(pCtx, index, pCtx->pSrcBlock, pInfo->tuplePos + pInfo->numSampled * sizeof(STuplePos)); + saveTupleData(pCtx, index, pCtx->pSrcBlock, &pInfo->tuplePos[pInfo->numSampled]); } pInfo->numSampled++; } else { @@ -4847,7 +4856,7 @@ static void doReservoirSample(SqlFunctionCtx* pCtx, SSampleInfo* pInfo, char* da if (j < pInfo->samples) { sampleAssignResult(pInfo, data, j); if (pCtx->subsidiaries.num > 0) { - copyTupleData(pCtx, index, pCtx->pSrcBlock, pInfo->tuplePos + j * sizeof(STuplePos)); + copyTupleData(pCtx, index, pCtx->pSrcBlock, &pInfo->tuplePos[j]); } } } @@ -4885,7 +4894,7 @@ int32_t sampleFinalize(SqlFunctionCtx* pCtx, SSDataBlock* pBlock) { int32_t currentRow = pBlock->info.rows; for (int32_t i = 0; i < pInfo->numSampled; ++i) { colDataAppend(pCol, currentRow + i, pInfo->data + i * pInfo->colBytes, false); - setSelectivityValue(pCtx, pBlock, pInfo->tuplePos + i * sizeof(STuplePos), currentRow + i); + setSelectivityValue(pCtx, pBlock, &pInfo->tuplePos[i], currentRow + i); } return pInfo->numSampled; -- GitLab