(doris) branch branch-3.0 updated: [Fix](Serde) fix potential mem leak in array serde write_one_cell_to_json (#41358)

Thu, 26 Sep 2024 03:07:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

eldenmoon pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new cb989619a36 [Fix](Serde) fix potential mem leak in array serde 
write_one_cell_to_json (#41358)
cb989619a36 is described below

commit cb989619a36372180fbec8bc19a199ec49b06eca
Author: lihangyu <15605149...@163.com>
AuthorDate: Thu Sep 26 18:07:05 2024 +0800

    [Fix](Serde) fix potential mem leak in array serde write_one_cell_to_json 
(#41358)
    
    placement new may lead to mem leak in Field without calling it's
    desctructor
    
    related PR #40573
---
 .../vec/data_types/serde/data_type_array_serde.cpp | 30 ++++++++++++----------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/be/src/vec/data_types/serde/data_type_array_serde.cpp 
b/be/src/vec/data_types/serde/data_type_array_serde.cpp
index e8eea4affe7..7828ecd4c69 100644
--- a/be/src/vec/data_types/serde/data_type_array_serde.cpp
+++ b/be/src/vec/data_types/serde/data_type_array_serde.cpp
@@ -229,20 +229,24 @@ void DataTypeArraySerDe::write_one_cell_to_jsonb(const 
IColumn& column, JsonbWri
 Status DataTypeArraySerDe::write_one_cell_to_json(const IColumn& column, 
rapidjson::Value& result,
                                                   
rapidjson::Document::AllocatorType& allocator,
                                                   Arena& mem_pool, int 
row_num) const {
-    // Use allocator instead of stack memory, since rapidjson hold the 
reference of String value
-    // otherwise causes stack use after free
-    auto& column_array = static_cast<const ColumnArray&>(column);
-    if (row_num > column_array.size()) {
-        return Status::InternalError("row num {} out of range {}!", row_num, 
column_array.size());
-    }
-    // void* mem = allocator.Malloc(sizeof(vectorized::Field));
-    void* mem = mem_pool.alloc(sizeof(vectorized::Field));
-    if (!mem) {
-        return Status::InternalError("Malloc failed");
-    }
-    vectorized::Field* array = new (mem) 
vectorized::Field(column_array[row_num]);
+    auto res = check_column_const_set_readability(column, row_num);
+    ColumnPtr ptr = res.first;
+    row_num = res.second;
+
+    const auto& data_column = assert_cast<const ColumnArray&>(*ptr);
+    const auto& offsets = data_column.get_offsets();
+
+    size_t offset = offsets[row_num - 1];
+    size_t next_offset = offsets[row_num];
 
-    convert_field_to_rapidjson(*array, result, allocator);
+    const IColumn& nested_column = data_column.get_data();
+    result.SetArray();
+    for (size_t i = offset; i < next_offset; ++i) {
+        rapidjson::Value val;
+        RETURN_IF_ERROR(
+                nested_serde->write_one_cell_to_json(nested_column, val, 
allocator, mem_pool, i));
+        result.PushBack(val, allocator);
+    }
     return Status::OK();
 }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to