From 4c3365f69c083b761eab9316c57ca7b8ca168174 Mon Sep 17 00:00:00 2001 From: Haolin Wang Date: Wed, 18 Dec 2024 16:26:56 +0800 Subject: [PATCH 1/2] alert: error out when hitting buffer overflow in tsdb retrieving rows --- source/dnode/vnode/src/tsdb/tsdbCacheRead.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/source/dnode/vnode/src/tsdb/tsdbCacheRead.c b/source/dnode/vnode/src/tsdb/tsdbCacheRead.c index f5aeb609d525..f28e05c0cb78 100644 --- a/source/dnode/vnode/src/tsdb/tsdbCacheRead.c +++ b/source/dnode/vnode/src/tsdb/tsdbCacheRead.c @@ -161,8 +161,15 @@ static int32_t saveOneRow(SArray* pRow, SSDataBlock* pBlock, SCacheRowsReader* p // allNullRow = p->isNull & allNullRow; if (!p->isNull) { if (IS_VAR_DATA_TYPE(pColVal->colVal.value.type)) { + int32_t pkBufLen = (pReader->rowKey.numOfPKs > 0) ? pReader->pkColumn.bytes : 0; + uint32_t allocBufLen = pReader->pSchema->columns[slotId].bytes + pkBufLen; + if (allocBufLen < pColVal->colVal.value.nData) { + tsdbError("buffer overflow at row key:%" PRIu64 ", data length %u exceeded the allocated buffer size %u", + ts, pColVal->colVal.value.nData, allocBufLen); + code = TSDB_CODE_OUT_OF_RANGE; + TSDB_CHECK_CODE(code, lino, _end); + } varDataSetLen(p->buf, pColVal->colVal.value.nData); - memcpy(varDataVal(p->buf), pColVal->colVal.value.pData, pColVal->colVal.value.nData); p->bytes = pColVal->colVal.value.nData + VARSTR_HEADER_SIZE; // binary needs to plus the header size } else { From 8b72f67a48cea807f9937fcd312d2c457f283c73 Mon Sep 17 00:00:00 2001 From: Haolin Wang Date: Thu, 19 Dec 2024 16:55:04 +0800 Subject: [PATCH 2/2] add more logs --- source/dnode/vnode/src/tsdb/tsdbCache.c | 3 +++ source/dnode/vnode/src/tsdb/tsdbCacheRead.c | 8 +++++--- source/dnode/vnode/src/tsdb/tsdbUtil.c | 10 ++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/source/dnode/vnode/src/tsdb/tsdbCache.c b/source/dnode/vnode/src/tsdb/tsdbCache.c index 8fd0d479697a..86d87de8ceaf 100644 --- a/source/dnode/vnode/src/tsdb/tsdbCache.c +++ b/source/dnode/vnode/src/tsdb/tsdbCache.c @@ -795,6 +795,9 @@ static int32_t reallocVarDataVal(SValue *pValue) { uint8_t *pVal = pValue->pData; uint32_t nData = pValue->nData; if (nData > 0) { + // [TODO] + tsdbInfo("reallocVarDataVal(): nData alloced %u", nData); + uint8_t *p = taosMemoryMalloc(nData); if (!p) { TAOS_RETURN(terrno); diff --git a/source/dnode/vnode/src/tsdb/tsdbCacheRead.c b/source/dnode/vnode/src/tsdb/tsdbCacheRead.c index f28e05c0cb78..9fadec3049af 100644 --- a/source/dnode/vnode/src/tsdb/tsdbCacheRead.c +++ b/source/dnode/vnode/src/tsdb/tsdbCacheRead.c @@ -164,10 +164,12 @@ static int32_t saveOneRow(SArray* pRow, SSDataBlock* pBlock, SCacheRowsReader* p int32_t pkBufLen = (pReader->rowKey.numOfPKs > 0) ? pReader->pkColumn.bytes : 0; uint32_t allocBufLen = pReader->pSchema->columns[slotId].bytes + pkBufLen; if (allocBufLen < pColVal->colVal.value.nData) { - tsdbError("buffer overflow at row key:%" PRIu64 ", data length %u exceeded the allocated buffer size %u", - ts, pColVal->colVal.value.nData, allocBufLen); + tsdbError("buffer overflow at row key:%" PRIu64 + ", data length %u exceeded the allocated buffer size %u" + ", pkBufLen = %d", + ts, pColVal->colVal.value.nData, allocBufLen, pkBufLen); code = TSDB_CODE_OUT_OF_RANGE; - TSDB_CHECK_CODE(code, lino, _end); + // TSDB_CHECK_CODE(code, lino, _end); } varDataSetLen(p->buf, pColVal->colVal.value.nData); memcpy(varDataVal(p->buf), pColVal->colVal.value.pData, pColVal->colVal.value.nData); diff --git a/source/dnode/vnode/src/tsdb/tsdbUtil.c b/source/dnode/vnode/src/tsdb/tsdbUtil.c index f807ecf2d6c2..f8c020e2e7b8 100644 --- a/source/dnode/vnode/src/tsdb/tsdbUtil.c +++ b/source/dnode/vnode/src/tsdb/tsdbUtil.c @@ -817,6 +817,11 @@ int32_t tsdbRowMergerAdd(SRowMerger *pMerger, TSDBROW *pRow, STSchema *pTSchema) code = tRealloc(&pTColVal->value.pData, pColVal->value.nData); if (code) return code; + // [TODO] + if (pTColVal->value.nData < pColVal->value.nData) { + tsdbInfo("tsdbRowMergedAdd(1): nData changed from %u to %u", pTColVal->value.nData, pColVal->value.nData); + } + pTColVal->value.nData = pColVal->value.nData; if (pTColVal->value.nData) { memcpy(pTColVal->value.pData, pColVal->value.pData, pTColVal->value.nData); @@ -837,6 +842,11 @@ int32_t tsdbRowMergerAdd(SRowMerger *pMerger, TSDBROW *pRow, STSchema *pTSchema) code = tRealloc(&tColVal->value.pData, pColVal->value.nData); if (code) return code; + // [TODO] + if (tColVal->value.nData < pColVal->value.nData) { + tsdbInfo("tsdbRowMergedAdd(-1): nData changed from %u to %u", tColVal->value.nData, pColVal->value.nData); + } + tColVal->value.nData = pColVal->value.nData; if (pColVal->value.nData) { memcpy(tColVal->value.pData, pColVal->value.pData, pColVal->value.nData);