FingerPrint algorithm array out-of-bounds access causes Panic #2603

Closed
winfredLIN opened this issue Sep 13, 2024 · 1 comment
Labels
bug Something isn't working publish-pre3 verified the issue all pr is verified

@winfredLIN
Collaborator

winfredLIN commented Sep 13, 2024

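Version

sqle@latest

Description

When generating a fingerprint for certain SQL statements, the generated fingerprint is longer than the original SQL, so the FingerPrint algorithm accesses the array out of bounds and panics.
Similar issue: percona/go-mysql#30

Screenshot or log

Temporary fix

  1. Before each array access (10 places), check whether the access would be out of bounds; if so, return the original SQL and print a log message in the outer caller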

To Reproduce

// query is github.com/percona/go-mysql/query
func TestName(t *testing.T) {
	fp := query.Fingerprint(`insert into tb values(1)`)
	fmt.Println("11", fp)
}
// This SQL is invalid, but it can also trigger the panic: SELECT*FROM (SELECT * FROM tb values(1));

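Root cause

A defect in the fingerprint generation function of github.com/percona/go-mysql/query

Solution

Replace github.com/percona/go-mysql/query with the fingerprint function in github.com/actiontech/sqle/sqle/driver/mysql/util

Places where the replacement is needed:

  1. The DriverImpl.Parse method in sqle/pkg/driver/impl.go
  2. sqle/cmd/scannerd/scanners/tidb_audit_log/audit_log_ee.go

Impact of the change

Affected modules or features

  1. Plugins that depend on the changed sqle/pkg/driver/impl.go implementation will use the new fingerprint algorithm
  2. scannerd will use the new fingerprint algorithm when running tidb_audit_log

Potential issues or risks from external references

Version compatibility

Testing suggestions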

@winfredLIN winfredLIN added the bug Something isn't working label Sep 13, 2024
@ColdWaterLW ColdWaterLW added this to the v3.2409.0 milestone Sep 13, 2024
@ColdWaterLW ColdWaterLW modified the milestones: v3.2409.0, v3.2410.0 Oct 8, 2024
@ColdWaterLW ColdWaterLW changed the title from "FingerPrint algorithm array out-of-bounds access causes Pnanic" to "FingerPrint algorithm array out-of-bounds access causes Panic" Oct 24, 2024
@ColdWaterLW ColdWaterLW assigned BugsGuru and unassigned winfredLIN Oct 28, 2024
@taolx0
Collaborator

taolx0 commented Nov 5, 2024

Backend-only change; verified through code

@taolx0 taolx0 added the verified the issue all pr is verified label Nov 5, 2024
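
The temporary fix described in the issue (check bounds before every write, return the original SQL on overflow, log in the caller), shown as an added example that is not code from SQLE or percona/go-mysql. The normalizer, its function names, and its `values(?+)` rewrite rule are simplified assumptions chosen so that the issue's input produces a fingerprint longer than the statement.

```go
package main

import (
	"fmt"
	"log"
	"strings"
)

// guardedFingerprint is a hypothetical, simplified normalizer (not the
// percona/go-mysql or SQLE code). It writes into a buffer sized to the input
// and rewrites a VALUES list as "values(?+)", which can outgrow the input.
// ok=false means a write would overflow; the original SQL is returned as-is.
func guardedFingerprint(sql string) (fp string, ok bool) {
	buf := make([]byte, len(sql)) // assumes output never outgrows input
	n := 0
	put := func(s string) bool {
		if n+len(s) > len(buf) { // bounds check before every write
			return false
		}
		n += copy(buf[n:], s)
		return true
	}
	lower := strings.ToLower(sql)
	for i := 0; i < len(lower); {
		tok, step := lower[i:i+1], 1
		if end := strings.IndexByte(lower[i:], ')'); end > 0 && strings.HasPrefix(lower[i:], "values(") {
			tok, step = "values(?+)", end+1 // collapse the whole VALUES list
		}
		if !put(tok) {
			return sql, false
		}
		i += step
	}
	return string(buf[:n]), true
}

// fingerprintOrOriginal is the outer caller: it logs the fallback.
func fingerprintOrOriginal(sql string) string {
	fp, ok := guardedFingerprint(sql)
	if !ok {
		log.Printf("fingerprint would overflow its buffer, keeping original SQL: %q", sql)
	}
	return fp
}

func main() {
	fmt.Println(fingerprintOrOriginal("insert into tb values(1)"))       // statement from the issue
	fmt.Println(fingerprintOrOriginal("insert into tb values(1, 2, 3)")) // constructed input
}
```

With the 24-byte statement from the issue, the 25-byte result does not fit, so the original SQL comes back and the caller logs it instead of panicking.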