修复bug： TSG-6324 在流式扫描过程中，发生版本号回滚导致的全量更新后，Maat_stream_scan_string_end释放rulescan流式扫描句柄时，会非法访问已被销毁的rulescan句柄内存，从而导致段错误。

src/entry/Maat_api.cpp

@@ -1950,9 +1950,11 @@ stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,
 	sp->feather=_feather;
 	sp->p_real_table=p_table;
 	sp->virtual_table_id=virtual_table_id;
-	sp->version=_feather->maat_version;
+	sp->last_full_version=_feather->last_full_version;
+	sp->ref_scanner=_feather->scanner;
 	sp->process_offset=0;
 	sp->rs_stream_para=NULL;
+	
 	if(scanner==NULL)
 	{
 		return sp;
@@ -2014,7 +2016,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 	struct Maat_table_runtime* table_rt=Maat_table_runtime_get(scanner->table_rt_mgr, sp->p_real_table->table_id);
 
 
-	if(sp->version!=sp->feather->maat_version)
+	if(sp->last_full_version!=sp->feather->last_full_version||sp->ref_scanner!=sp->feather->scanner)
 	{
 		return 0;
 	}
@@ -2189,7 +2191,7 @@ void Maat_stream_scan_string_end(stream_para_t* stream_para)
 	}
 	if(sp->rs_stream_para!=NULL)
 	{
-		if(scanner!=NULL&&sp->version>=sp->feather->last_full_version)
+		if(scanner!=NULL&&sp->last_full_version==sp->feather->last_full_version&&sp->ref_scanner==sp->feather->scanner)
 		{
 			
 			DEC_SCANNER_REF(scanner, sp->thread_num);
@@ -2213,6 +2215,8 @@ void Maat_stream_scan_string_end(stream_para_t* stream_para)
 		free(sp->scan_buff);
 		sp->scan_buff=NULL;
 	}
+	sp->ref_scanner=NULL;
+	sp->feather=NULL;
 	free(sp);
 	*stream_para=NULL;
 	return;
@@ -2234,9 +2238,10 @@ stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,
 	struct _stream_para_t* sp=ALLOC(struct _stream_para_t, 1);
 	scanner=_feather->scanner;
 	sp->feather=_feather;
+	sp->ref_scanner=_feather->scanner;
 	sp->p_real_table=p_table;
 	sp->virtual_table_id=virtual_table_id;
-	sp->version=_feather->maat_version;
+	sp->last_full_version=_feather->last_full_version;
 	sp->process_offset=0;
 	if(scanner==NULL)
 	{
@@ -2393,7 +2398,7 @@ void Maat_stream_scan_digest_end(stream_para_t* stream_para)
 	alignment_int64_array_add(table_rt->stream_num, sp->thread_num,-1);
 	if(scanner!=NULL)
 	{
-		if(sp->version==sp->feather->maat_version)
+		if(sp->last_full_version==sp->feather->last_full_version)
 		{
 			DEC_SCANNER_REF(scanner, sp->thread_num);
 		}		
@@ -2402,6 +2407,8 @@ void Maat_stream_scan_digest_end(stream_para_t* stream_para)
 	pthread_mutex_destroy(&(sp->fuzzy_mutex));
 	assert(sp->last_cache==NULL);
 	assert(sp->scan_buff==NULL);
+	sp->ref_scanner=NULL;
+	sp->feather=NULL;
 	free(sp);
 	*stream_para=NULL;
 

src/entry/Maat_rule.cpp

@@ -57,7 +57,7 @@ extern "C"
 }
 #endif
 
-int MAAT_FRAME_VERSION_3_1_19_20210420=1;
+int MAAT_FRAME_VERSION_3_1_20_20210513=1;
 
 int is_valid_table_name(const char* str)
 {

src/inc_internal/Maat_rule_internal.h

@@ -185,7 +185,9 @@ struct _stream_para_t
 	struct _Maat_feather_t* feather;
 	const struct Maat_table_schema* p_real_table;
 	int virtual_table_id;
-	int version;
+	int last_full_version;
+	struct Maat_scanner *ref_scanner;
+	
 	int thread_num;
 	int max_cross_size;
 	int caching_size;

test/test_maatframe.cpp

@@ -4035,6 +4035,78 @@ TEST_F(MaatCmdTest,    UpdateDeadLockDetection)
 
 	return;
 }
+#define VersionRollBack_SegFault
+TEST_F(MaatCmdTest, StreamScanSegfaultWhenVersionRollBack_TSG_6324)
+{
+	Maat_feather_t feather=MaatCmdTest::_shared_feather;
+
+	const char* g2c_tn="GROUP2COMPILE";
+	const char* compile_table_name="COMPILE";
+	const char* scan_table_name="KEYWORDS_TABLE";
+
+	struct Maat_rule_t compile1;
+	struct Maat_cmd_group2compile group1;
+	struct Maat_cmd_region region1;
+
+	memset(&compile1, 0, sizeof(compile1));
+	compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1);
+	Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 1, 0, 0);
+
+	
+	//group1->compile1
+	memset(&group1, 0, sizeof(group1));
+	group1.group_id=Maat_command_get_new_group_id(feather);
+	group1.table_name=g2c_tn;
+	group1.compile_id=compile1.config_id;
+	group1.clause_index=0;
+	Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group1);
+
+
+	//region1->group1->compile1
+	
+	memset(&region1, 0, sizeof(region1));
+	region1.region_id=Maat_command_get_new_region_id(feather);
+	region1.region_type=REGION_EXPR;
+	region1.table_name=scan_table_name;
+	region1.expr_rule.keywords="stream-keywords-001";
+	region1.expr_rule.expr_type=EXPR_TYPE_STRING;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region1, group1.group_id);
+
+	sleep(1);
+
+	const char* scan_data="Here is a stream-keywords-001, this should hit.";
+	stream_para_t sp=NULL;
+	scan_status_t mid=NULL;
+	int ret=0, table_id=0;
+	struct Maat_rule_t result[4];
+	memset(result, 0, sizeof(result));
+	
+	table_id=Maat_table_register(feather, scan_table_name);
+	ASSERT_GT(table_id, 0);
+
+	
+	sp=Maat_stream_scan_string_start(feather, table_id, 0);
+	ret=Maat_stream_scan_string(&sp, CHARSET_NONE, scan_data, strlen(scan_data),
+						result, NULL, 4, &mid);
+	EXPECT_EQ(ret, 1);
+	EXPECT_EQ(result[0].config_id, compile1.config_id);
+
+	//DON'T DO THIS!!!
+	//Roll back version, trigger full udpate.
+	Maat_cmd_incrby(feather, "MAAT_VERSION", -100);
+
+	//Wating for scanner garbage collect expiration.
+	sleep(10);
+
+	ret=Maat_stream_scan_string(&sp, CHARSET_NONE, scan_data, strlen(scan_data),
+						result, NULL, 4, &mid);
+	EXPECT_EQ(ret, 0); //Scan was interupted after full update.
+
+	Maat_stream_scan_string_end(&sp);
+
+	Maat_clean_status(&mid);
+
+}
 
 int main(int argc, char ** argv)
 {