From 18fd7b1abdad7881c05ffcb731abd3353a897a03 Mon Sep 17 00:00:00 2001
From: Sophie <84560950+Sophie-Xie@users.noreply.github.com>
Date: Mon, 22 May 2023 18:28:27 +0800
Subject: [PATCH] Cherry pick 3.5 (0516-0522) (#5559)
Fix crash double free of expr. (#5557)
* Fix crash double free of expr.
* Change issue id.
Co-authored-by: shylock <33566796+Shylock-Hg@users.noreply.github.com>
---
 src/parser/parser.yy | 6 ++--
 .../features/bugfix/SyntaxErrorCrash.feature | 32 +++++++++++++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 tests/tck/features/bugfix/SyntaxErrorCrash.feature
diff --git a/src/parser/parser.yy b/src/parser/parser.yy
index b9708c060a4..24747e3ecac 100644
--- a/src/parser/parser.yy
+++ b/src/parser/parser.yy
@@ -1801,12 +1801,10 @@ match_node
 $$ = new MatchNode();
 }
 | parenthesized_expression {
- auto& e = $1;
- if (e->kind() != Expression::Kind::kLabel) {
- delete $1;
+ if ($1->kind() != Expression::Kind::kLabel) {
 throw nebula::GraphParser::syntax_error(@1, "Invalid node pattern");
 }
- $$ = new MatchNode(static_cast(e)->name(), nullptr, nullptr);
+ $$ = new MatchNode(static_cast($1)->name(), nullptr, nullptr);
 }
 | L_PAREN match_alias match_node_label_list R_PAREN {
 $$ = new MatchNode(*$2, $3, nullptr);
diff --git a/tests/tck/features/bugfix/SyntaxErrorCrash.feature b/tests/tck/features/bugfix/SyntaxErrorCrash.feature
new file mode 100644
index 00000000000..8ef27b11027
--- /dev/null
+++ b/tests/tck/features/bugfix/SyntaxErrorCrash.feature
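Review bot: In the `parenthesized_expression` alternative, nothing at the `throw` records who releases `$1` now that the manual `delete $1` is gone; the owner is not visible in this hunk (presumably the parser's symbol cleanup or an object pool). Because the removed delete was a double free that a client-submitted query could trigger, I would put a comment above the kind check, for example `// $1 is released elsewhere; deleting it here before the throw double-frees (#5558)`. The `match_node` rule begins and continues outside the hunk, so the other alternatives could not be checked for the same pattern.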
@@ -0,0 +1,32 @@
+# Copyright (c) 2023 vesoft inc. All rights reserved.
+#
+# This source code is licensed under Apache 2.0 License.
+# #5558
+Feature: Test crash double delete expr
+
+ Background:
+ Given a graph with space named "nba"
+
+ Scenario: crash double delete expr
+ When executing query:
+ """
+ match (v.player) return v;
+ """
+ Then a SyntaxError should be raised at runtime: Invalid node pattern near `(v.player)'
+ When executing query:
+ """
+ match (v.player) return v;
+ """
+ Then a SyntaxError should be raised at runtime: Invalid node pattern near `(v.player)'
+ When executing query:
+ """
+ match (v.player) return v;
+ """
+ Then a SyntaxError should be raised at runtime: Invalid node pattern near `(v.player)'
+ When executing query:
+ """
+ return 1;
+ """
+ Then the result should be, in any order:
+ | 1 |
+ | 1 |
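Review bot: The scenario sends the same failing `match (v.player) return v;` three times and then `return 1;` with no comment on why, and the only pointer to the bug is the bare `# #5558` line. A short comment such as `# Repeated on purpose; the final query checks that the server still answers after the syntax errors` would keep the repetition from being trimmed later. A double free does not always crash on its own, so this scenario is most useful when it also runs in a sanitizer build, if the project has one.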