From 9d21b2154d7b069936c8e2a83d874889d147f0b9 Mon Sep 17 00:00:00 2001
From: lihangyu <15605149486@163.com>
Date: Fri, 22 Jul 2022 11:25:17 +0800
Subject: [PATCH] [Fix](Array) correct the offset when using get_data_at from _item_convertor (#11094)

get_data_at should use offset - offsets[start_index] since start_index may be changed after OlapColumnDataConvertorArray::set_source_column. Using just offset may access the memory out of _item_convertor's data range,
---
 be/src/vec/olap/olap_data_convertor.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/be/src/vec/olap/olap_data_convertor.cpp b/be/src/vec/olap/olap_data_convertor.cpp
index 1a29327326683f..63ee54ed28338d 100644
--- a/be/src/vec/olap/olap_data_convertor.cpp
+++ b/be/src/vec/olap/olap_data_convertor.cpp
@@ -410,6 +410,7 @@ const void* OlapBlockDataConvertor::OlapColumnDataConvertorVarChar::get_data() c
 
 const void* OlapBlockDataConvertor::OlapColumnDataConvertorVarChar::get_data_at(
 size_t offset) const {
+ assert(offset < _slice.size());
 UInt8 null_flag = 0;
 if (_nullmap) {
 null_flag = _nullmap[offset];
@@ -729,7 +730,11 @@ Status OlapBlockDataConvertor::OlapColumnDataConvertorArray::convert_to_olap(
 collection_value->set_null_signs(
 const_cast(reinterpret_cast(item_null_map + offset)));
 }
- collection_value->set_data(const_cast(_item_convertor->get_data_at(offset)));
+ // get_data_at should use offset - offsets[start_index] since
+ // start_index may be changed after OlapColumnDataConvertorArray::set_source_column.
+ // Using just offset may access the memory out of _item_convertor's data range,
+ collection_value->set_data(
+ const_cast(_item_convertor->get_data_at(offset - offsets[start_index])));
 }
 return Status::OK();
 }
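Review bot: The added `assert(offset < _slice.size());` in `OlapColumnDataConvertorVarChar::get_data_at` is compiled out when NDEBUG is defined, so in a release build an out-of-range offset still reaches `_nullmap[offset]` unchecked. If this guard is meant to stop the out-of-range read the commit message describes, it needs a check that survives release builds, or at least a comment stating the contract, e.g. `// precondition: offset < _slice.size(); checked in debug builds only`. The strict `<` also rejects an offset equal to the size, which a caller might pass for an empty trailing element; whether that can happen is not visible in this hunk. The function body continues past the end of the hunk.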
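Review bot: In `OlapColumnDataConvertorArray::convert_to_olap` the corrected call passes a range-relative index, `offset - offsets[start_index]`, while the `set_null_signs` call just above still adds the absolute `offset` to `item_null_map`, and the new comment does not say why the two differ. If `item_null_map` points at the whole column's null map that is correct, but that is not visible in this hunk, so the comment should state each base explicitly, e.g. `// item_null_map is indexed by absolute offset; _item_convertor by offset relative to offsets[start_index]`. The subtraction also relies on `offset >= offsets[start_index]`; if the offsets are unsigned, a violation would wrap to a very large index rather than fail, so a debug check next to it would make the invariant visible. The enclosing loop and the declarations of `offset`, `offsets` and `start_index` lie outside the hunk.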