This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-4.0 by this push:
new 6b1dc8d9c49 [fix](filecache) avoid string_view::data() in
file_cache_action (#60101) (#60549)
6b1dc8d9c49 is described below
commit 6b1dc8d9c49791df14a2240b78d66990fd27c88d
Author: zhengyu <[email protected]>
AuthorDate: Tue Mar 3 18:00:16 2026 +0800
[fix](filecache) avoid string_view::data() in file_cache_action (#60101)
(#60549)
std::string_view::data() does not guarantee a null-terminated string,
which can cause out-of-bounds reads, undefined behavior, crashes, or
even information leaks.
### What problem does this PR solve?
Issue Number: close #xxx
Related PR: #xxx
Problem Summary:
### Release note
None
### Check List (For Author)
- Test <!-- At least one of them must be included. -->
- [ ] Regression test
- [ ] Unit Test
- [ ] Manual test (add detailed scripts or steps below)
- [ ] No need to test or manual test. Explain why:
- [ ] This is a refactor/code format and no logic has been changed.
- [ ] Previous test can cover this change.
- [ ] No code files have been changed.
- [ ] Other reason <!-- Add your reason? -->
- Behavior changed:
- [ ] No.
- [ ] Yes. <!-- Explain the behavior change -->
- Does this need documentation?
- [ ] No.
- [ ] Yes. <!-- Add document PR link here. eg:
https://github.com/apache/doris-website/pull/1214 -->
### Check List (For Reviewer who merge this PR)
- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label <!-- Add branch pick label that this PR
should merge into -->
---------
Signed-off-by: zhengyu <[email protected]>
---
be/src/http/action/file_cache_action.cpp | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/be/src/http/action/file_cache_action.cpp
b/be/src/http/action/file_cache_action.cpp
index 882dc895480..e923af07006 100644
--- a/be/src/http/action/file_cache_action.cpp
+++ b/be/src/http/action/file_cache_action.cpp
@@ -58,19 +58,20 @@ constexpr static std::string_view DUMP = "dump";
constexpr static std::string_view VALUE = "value";
Status FileCacheAction::_handle_header(HttpRequest* req, std::string*
json_metrics) {
- req->add_output_header(HttpHeaders::CONTENT_TYPE, HEADER_JSON.data());
- std::string operation = req->param(OP.data());
+ const std::string header_json(HEADER_JSON);
+ req->add_output_header(HttpHeaders::CONTENT_TYPE, header_json.c_str());
+ std::string operation = req->param(std::string(OP));
Status st = Status::OK();
if (operation == RELEASE) {
size_t released = 0;
- const std::string& base_path = req->param(BASE_PATH.data());
+ const std::string& base_path = req->param(std::string(BASE_PATH));
if (!base_path.empty()) {
released =
io::FileCacheFactory::instance()->try_release(base_path);
} else {
released = io::FileCacheFactory::instance()->try_release();
}
EasyJson json;
- json[RELEASED_ELEMENTS.data()] = released;
+ json[std::string(RELEASED_ELEMENTS)] = released;
*json_metrics = json.ToString();
} else if (operation == CLEAR) {
DBUG_EXECUTE_IF("FileCacheAction._handle_header.ignore_clear", {
@@ -78,8 +79,8 @@ Status FileCacheAction::_handle_header(HttpRequest* req,
std::string* json_metri
st = Status::OK();
return st;
});
- const std::string& sync = req->param(SYNC.data());
- const std::string& segment_path = req->param(VALUE.data());
+ const std::string& sync = req->param(std::string(SYNC));
+ const std::string& segment_path = req->param(std::string(VALUE));
if (segment_path.empty()) {
io::FileCacheFactory::instance()->clear_file_caches(to_lower(sync)
== "true");
} else {
@@ -88,7 +89,7 @@ Status FileCacheAction::_handle_header(HttpRequest* req,
std::string* json_metri
cache->remove_if_cached(hash);
}
} else if (operation == RESET) {
- std::string capacity = req->param(CAPACITY.data());
+ std::string capacity = req->param(std::string(CAPACITY));
int64_t new_capacity = 0;
bool parse = true;
try {
@@ -102,24 +103,24 @@ Status FileCacheAction::_handle_header(HttpRequest* req,
std::string* json_metri
"the interval (0, INT64_MAX]",
capacity);
} else {
- const std::string& path = req->param(PATH.data());
+ const std::string& path = req->param(std::string(PATH));
auto ret = io::FileCacheFactory::instance()->reset_capacity(path,
new_capacity);
LOG(INFO) << ret;
}
} else if (operation == HASH) {
- const std::string& segment_path = req->param(VALUE.data());
+ const std::string& segment_path = req->param(std::string(VALUE));
if (segment_path.empty()) {
- st = Status::InvalidArgument("missing parameter: {} is required",
VALUE.data());
+ st = Status::InvalidArgument("missing parameter: {} is required",
VALUE);
} else {
io::UInt128Wrapper ret = io::BlockFileCache::hash(segment_path);
EasyJson json;
- json[HASH.data()] = ret.to_string();
+ json[std::string(HASH)] = ret.to_string();
*json_metrics = json.ToString();
}
} else if (operation == LIST_CACHE) {
- const std::string& segment_path = req->param(VALUE.data());
+ const std::string& segment_path = req->param(std::string(VALUE));
if (segment_path.empty()) {
- st = Status::InvalidArgument("missing parameter: {} is required",
VALUE.data());
+ st = Status::InvalidArgument("missing parameter: {} is required",
VALUE);
} else {
io::UInt128Wrapper cache_hash =
io::BlockFileCache::hash(segment_path);
std::vector<std::string> cache_files =
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
