Pan Wei f6c8577ee5 fix：query return error unknown error 65535 issue (#35003) ... * fix(scalar): prevent crash when IN expression has invalid type from unhandled node Root cause: sclGetNodeType() silently set *type = -1 and returned TSDB_CODE_SUCCESS for unhandled node types. This propagated -1 as ctx->type.selfType, which was then cast to (uint32_t)-1 = 4294967295 and used as an index into tDataTypes[], causing an out-of-bounds crash in scalarGenerateSetFromList(). The bug was triggered by semantically odd SQL such as: ifnull(b not between vb and a, n in (...)) in (today(), today(), now()) where a boolean result is compared against a timestamp list. Fixes: 1. sclGetNodeType(): return TSDB_CODE_QRY_INVALID_INPUT for unhandled node types instead of silently setting type = -1. 2. sclInitParam(): validate selfType before using it as list element type to prevent OOB access in vectorGetConvertType(-1, ...). 3. scalarGenerateSetFromList(): add IS_INVALID_TYPE() guard at entry as a defensive check against any future invalid-type paths. Add regression test: test_scalar_invalid_type.py Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: case when and decimal query crash issues * fix: CAST to JSON returns Unknown error 65535; mavg/csum/diff with constant arg returns invalid input - builtins.c: reject CAST(expr AS JSON) in translateCast() with TSDB_CODE_CAST_TO_JSON_NOT_ALLOWED instead of silently passing validation and failing at execution with TSDB_CODE_FAILED (-1) - scalar.c: add QUERY_NODE_LEFT_VALUE case in sclGetNodeType() so rewritten constant operands (ASSIGN operator left side) resolve their type from ctx->type.opResType instead of hitting the 'unsupported node type' fallthrough (error 0x070F invalid input) - executorInt.c: create dummy column for the first arg of indefinite- rows functions when it is a constant, preventing NULL pData[0] - test_fun_sca_cast.py: add do_cast_to_json_invalid() covering all 19 sql-fuzzing repro queries for the CAST-to-JSON bug Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: sclGetNodeType missing cases cause invalid input in query/subquery Add missing node type cases to sclGetNodeType() that were hit after ed9de01 changed the fallthrough from silent type=-1 to hard error: 1. QUERY_NODE_LEFT_VALUE (27): return ctx->type.opResType, used when the planner rewrites constants into ASSIGN(LEFT_VALUE, VALUE) operators for scalarSup pre-processing (e.g. mavg(2.0, 3)) 2. QUERY_NODE_REMOTE_VALUE_LIST (61): read resType from SExprNode, used when IN subquery RHS is a remote value list node 3. QUERY_NODE_REMOTE_VALUE / QUERY_NODE_REMOTE_ZERO_ROWS / QUERY_NODE_REMOTE_ROW: read resType from embedded SValueNode, defensive coverage for other remote node types Also extend doSetInputDataBlock() dummy-column creation to cover the first constant argument of indefinite-rows functions (mavg, csum, diff) so pInput->pData[0] is not NULL at function execution time. Fixes: select distinct t1,'abc',tbname from st1 -> invalid input Fixes: 1 in (select 1 from st1) -> invalid input Fixes: mavg(cast(2 as float), 3) -> invalid input Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Remove QUERY_NODE_LEFT_VALUE case from switch statement Removed handling for QUERY_NODE_LEFT_VALUE case in scalar.c --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>		2026-04-07 07:55:15 +08:00
..
inc	feat(query): support external windows (#34933)	2026-03-29 09:38:08 +08:00
src	fix：query return error unknown error 65535 issue (#35003)	2026-04-07 07:55:15 +08:00
test	enh: explain (#34764)	2026-03-20 10:08:49 +08:00
CMakeLists.txt	feat: new stream (#31678)	2025-07-16 14:42:16 +08:00