From 3eae8f1c99ef7793f1d1426260990926bbeda901 Mon Sep 17 00:00:00 2001 From: wangmm0220 Date: Wed, 18 Sep 2024 10:15:01 +0800 Subject: [PATCH] fix:[TD-31899] check return value by malloc/strdup --- source/client/src/clientMonitor.c | 6 ++-- source/client/src/clientSml.c | 16 +++++++--- source/client/src/clientTmq.c | 34 +++++++++++++++++----- source/common/src/tglobal.c | 3 ++ source/dnode/mnode/impl/src/mndConsumer.c | 24 ++++++++++----- source/dnode/mnode/impl/src/mndSubscribe.c | 1 + source/dnode/mnode/impl/src/mndTopic.c | 3 ++ source/dnode/vnode/src/tq/tq.c | 3 ++ source/dnode/vnode/src/tq/tqMeta.c | 12 ++++++-- source/dnode/vnode/src/tq/tqScan.c | 8 +++++ source/libs/parser/src/parInsertSml.c | 7 ++++- 11 files changed, 93 insertions(+), 24 deletions(-) diff --git a/source/client/src/clientMonitor.c b/source/client/src/clientMonitor.c index aeaa3bef8b..6a75b8ef55 100644 --- a/source/client/src/clientMonitor.c +++ b/source/client/src/clientMonitor.c @@ -736,8 +736,10 @@ static void monitorSendAllSlowLogFromTempDir(int64_t clusterId) { continue; } char* tmp = taosStrdup(filename); - monitorSendSlowLogAtBeginning(clusterId, &tmp, pFile, 0); - taosMemoryFree(tmp); + if (tmp != NULL){ + monitorSendSlowLogAtBeginning(clusterId, &tmp, pFile, 0); + taosMemoryFree(tmp); + } } int32_t ret = taosCloseDir(&pDir); diff --git a/source/client/src/clientSml.c b/source/client/src/clientSml.c index 082daa805c..6a19f61383 100644 --- a/source/client/src/clientSml.c +++ b/source/client/src/clientSml.c @@ -1939,6 +1939,10 @@ int32_t smlClearForRerun(SSmlHandle *info) { return TSDB_CODE_SML_INVALID_DATA; } info->lines = (SSmlLineInfo *)taosMemoryCalloc(info->lineNum, sizeof(SSmlLineInfo)); + if (unlikely(info->lines == NULL)) { + uError("SML:0x%" PRIx64 " info->lines == NULL", info->id); + return terrno; + } } (void)memset(&info->preLine, 0, sizeof(SSmlLineInfo)); @@ -1971,10 +1975,14 @@ static bool getLine(SSmlHandle *info, char *lines[], char **rawLine, char *rawLi if (*rawLine != NULL && (uDebugFlag & DEBUG_DEBUG)) { char *print = taosMemoryCalloc(*len + 1, 1); - (void)memcpy(print, *tmp, *len); - uDebug("SML:0x%" PRIx64 " smlParseLine is raw, numLines:%d, protocol:%d, len:%d, data:%s", info->id, numLines, - info->protocol, *len, print); - taosMemoryFree(print); + if (print != NULL){ + (void)memcpy(print, *tmp, *len); + uDebug("SML:0x%" PRIx64 " smlParseLine is raw, numLines:%d, protocol:%d, len:%d, data:%s", info->id, numLines, + info->protocol, *len, print); + taosMemoryFree(print); + } else{ + uError("SML:0x%" PRIx64 " smlParseLine taosMemoryCalloc failed", info->id); + } } else { uDebug("SML:0x%" PRIx64 " smlParseLine is not numLines:%d, protocol:%d, len:%d, data:%s", info->id, numLines, info->protocol, *len, *tmp); diff --git a/source/client/src/clientTmq.c b/source/client/src/clientTmq.c index 8836fce31a..611d76f606 100644 --- a/source/client/src/clientTmq.c +++ b/source/client/src/clientTmq.c @@ -404,17 +404,29 @@ tmq_conf_res_t tmq_conf_set(tmq_conf_t* conf, const char* key, const char* value } if (strcasecmp(key, "td.connect.ip") == 0) { - conf->ip = taosStrdup(value); + void *tmp = taosStrdup(value); + if (tmp == NULL) { + return TMQ_CONF_INVALID; + } + conf->ip = tmp; return TMQ_CONF_OK; } if (strcasecmp(key, "td.connect.user") == 0) { - conf->user = taosStrdup(value); + void *tmp = taosStrdup(value); + if (tmp == NULL) { + return TMQ_CONF_INVALID; + } + conf->user = tmp; return TMQ_CONF_OK; } if (strcasecmp(key, "td.connect.pass") == 0) { - conf->pass = taosStrdup(value); + void *tmp = taosStrdup(value); + if (tmp == NULL) { + return TMQ_CONF_INVALID; + } + conf->pass = tmp; return TMQ_CONF_OK; } @@ -468,7 +480,11 @@ int32_t tmq_list_append(tmq_list_t* list, const char* src) { SArray* container = &list->container; if (src == NULL || src[0] == 0) return TSDB_CODE_INVALID_PARA; char* topic = taosStrdup(src); - if (taosArrayPush(container, &topic) == NULL) return TSDB_CODE_INVALID_PARA; + if (topic == NULL) return TSDB_CODE_OUT_OF_MEMORY; + if (taosArrayPush(container, &topic) == NULL) { + taosMemoryFree(topic); + return TSDB_CODE_INVALID_PARA; + } return 0; } @@ -947,13 +963,13 @@ void tmqSendHbReq(void* param, void* tmrId) { int32_t tlen = tSerializeSMqHbReq(NULL, 0, &req); if (tlen < 0) { - tscError("tSerializeSMqHbReq failed"); + tscError("tSerializeSMqHbReq failed, size:%d", tlen); goto OVER; } void* pReq = taosMemoryCalloc(1, tlen); - if (tlen < 0) { - tscError("failed to malloc MqHbReq msg, size:%d", tlen); + if (pReq == NULL) { + tscError("failed to malloc MqHbReq msg, code:%d", terrno); goto OVER; } @@ -3514,6 +3530,10 @@ int32_t tmq_get_topic_assignment(tmq_t* tmq, const char* pTopicName, tmq_topic_a } (void)taosThreadMutexInit(&pCommon->mutex, 0); pCommon->pTopicName = taosStrdup(pTopic->topicName); + if (pCommon->pTopicName == NULL) { + code = TSDB_CODE_OUT_OF_MEMORY; + goto end; + } pCommon->consumerId = tmq->consumerId; for (int32_t i = 0; i < (*numOfAssignment); ++i) { diff --git a/source/common/src/tglobal.c b/source/common/src/tglobal.c index 810129e694..f38257c25c 100644 --- a/source/common/src/tglobal.c +++ b/source/common/src/tglobal.c @@ -1092,6 +1092,9 @@ int32_t taosSetSlowLogScope(char *pScopeStr, int32_t *pScope) { while((scope = strsep(&pScopeStr, "|")) != NULL){ taosMemoryFreeClear(tmp); tmp = taosStrdup(scope); + if (tmp == NULL) { + TAOS_RETURN(TSDB_CODE_OUT_OF_MEMORY); + } (void)strtrim(tmp); if (0 == strcasecmp(tmp, "all")) { slowScope |= SLOW_LOG_TYPE_ALL; diff --git a/source/dnode/mnode/impl/src/mndConsumer.c b/source/dnode/mnode/impl/src/mndConsumer.c index 9704ccaa83..fcdb44da26 100644 --- a/source/dnode/mnode/impl/src/mndConsumer.c +++ b/source/dnode/mnode/impl/src/mndConsumer.c @@ -463,6 +463,15 @@ static void freeItem(void *param) { } } +#define ADD_TOPIC_TO_ARRAY(element, array) \ +char *newTopicCopy = taosStrdup(element); \ +MND_TMQ_NULL_CHECK(newTopicCopy);\ +if (taosArrayPush(pConsumerNew->array, &newTopicCopy) == NULL){\ + taosMemoryFree(newTopicCopy);\ + code = terrno;\ + goto END;\ +} + static int32_t getTopicAddDelete(SMqConsumerObj *pExistedConsumer, SMqConsumerObj *pConsumerNew){ int32_t code = 0; pConsumerNew->rebNewTopics = taosArrayInit(0, sizeof(void *)); @@ -477,15 +486,13 @@ static int32_t getTopicAddDelete(SMqConsumerObj *pExistedConsumer, SMqConsumerOb if (i >= oldTopicNum) { void* tmp = taosArrayGetP(pConsumerNew->assignedTopics, j); MND_TMQ_NULL_CHECK(tmp); - char *newTopicCopy = taosStrdup(tmp); - MND_TMQ_NULL_CHECK(taosArrayPush(pConsumerNew->rebNewTopics, &newTopicCopy)); + ADD_TOPIC_TO_ARRAY(tmp, rebNewTopics); j++; continue; } else if (j >= newTopicNum) { void* tmp = taosArrayGetP(pExistedConsumer->currentTopics, i); MND_TMQ_NULL_CHECK(tmp); - char *oldTopicCopy = taosStrdup(tmp); - MND_TMQ_NULL_CHECK(taosArrayPush(pConsumerNew->rebRemovedTopics, &oldTopicCopy)); + ADD_TOPIC_TO_ARRAY(tmp, rebRemovedTopics); i++; continue; } else { @@ -499,13 +506,11 @@ static int32_t getTopicAddDelete(SMqConsumerObj *pExistedConsumer, SMqConsumerOb j++; continue; } else if (comp < 0) { - char *oldTopicCopy = taosStrdup(oldTopic); - MND_TMQ_NULL_CHECK(taosArrayPush(pConsumerNew->rebRemovedTopics, &oldTopicCopy)); + ADD_TOPIC_TO_ARRAY(oldTopic, rebRemovedTopics); i++; continue; } else { - char *newTopicCopy = taosStrdup(newTopic); - MND_TMQ_NULL_CHECK(taosArrayPush(pConsumerNew->rebNewTopics, &newTopicCopy)); + ADD_TOPIC_TO_ARRAY(newTopic, rebNewTopics); j++; continue; } @@ -789,6 +794,9 @@ static int32_t mndConsumerActionUpdate(SSdb *pSdb, SMqConsumerObj *pOldConsumer, return TSDB_CODE_TMQ_INVALID_MSG; } char *pNewTopic = taosStrdup(tmp); + if (pNewTopic == NULL) { + return TSDB_CODE_OUT_OF_MEMORY; + } removeFromTopicList(pOldConsumer->rebNewTopics, pNewTopic, pOldConsumer->consumerId, "new"); bool existing = existInCurrentTopicList(pOldConsumer, pNewTopic); if (existing) { diff --git a/source/dnode/mnode/impl/src/mndSubscribe.c b/source/dnode/mnode/impl/src/mndSubscribe.c index 37a711da41..93d8b6dcde 100644 --- a/source/dnode/mnode/impl/src/mndSubscribe.c +++ b/source/dnode/mnode/impl/src/mndSubscribe.c @@ -113,6 +113,7 @@ static int32_t mndBuildSubChangeReq(void **pBuf, int32_t *pLen, SMqSubscribeObj MND_TMQ_RETURN_CHECK(qSubPlanToString(pPlan, &req.qmsg, &msgLen)); } else { req.qmsg = taosStrdup(""); + MND_TMQ_NULL_CHECK(req.qmsg); } req.subType = pSub->subType; req.withMeta = pSub->withMeta; diff --git a/source/dnode/mnode/impl/src/mndTopic.c b/source/dnode/mnode/impl/src/mndTopic.c index 78aca0dbee..643bab568f 100644 --- a/source/dnode/mnode/impl/src/mndTopic.c +++ b/source/dnode/mnode/impl/src/mndTopic.c @@ -451,12 +451,14 @@ static int32_t mndCreateTopic(SMnode *pMnode, SRpcMsg *pReq, SCMCreateTopicReq * topicObj.dbUid = pDb->uid; topicObj.version = 1; topicObj.sql = taosStrdup(pCreate->sql); + MND_TMQ_NULL_CHECK(topicObj.sql); topicObj.sqlLen = strlen(pCreate->sql) + 1; topicObj.subType = pCreate->subType; topicObj.withMeta = pCreate->withMeta; if (pCreate->subType == TOPIC_SUB_TYPE__COLUMN) { topicObj.ast = taosStrdup(pCreate->ast); + MND_TMQ_NULL_CHECK(topicObj.ast); topicObj.astLen = strlen(pCreate->ast) + 1; qDebugL("topic:%s ast %s", topicObj.name, topicObj.ast); MND_TMQ_RETURN_CHECK(nodesStringToNode(pCreate->ast, &pAst)); @@ -482,6 +484,7 @@ static int32_t mndCreateTopic(SMnode *pMnode, SRpcMsg *pReq, SCMCreateTopicReq * if(pCreate->ast != NULL){ qDebugL("topic:%s ast %s", topicObj.name, pCreate->ast); topicObj.ast = taosStrdup(pCreate->ast); + MND_TMQ_NULL_CHECK(topicObj.ast); topicObj.astLen = strlen(pCreate->ast) + 1; } } diff --git a/source/dnode/vnode/src/tq/tq.c b/source/dnode/vnode/src/tq/tq.c index a2c088de68..16447afc5a 100644 --- a/source/dnode/vnode/src/tq/tq.c +++ b/source/dnode/vnode/src/tq/tq.c @@ -70,6 +70,9 @@ int32_t tqOpen(const char* path, SVnode* pVnode) { } pVnode->pTq = pTq; pTq->path = taosStrdup(path); + if (pTq->path == NULL) { + return TSDB_CODE_OUT_OF_MEMORY; + } pTq->pVnode = pVnode; pTq->pHandle = taosHashInit(64, MurmurHash3_32, true, HASH_ENTRY_LOCK); diff --git a/source/dnode/vnode/src/tq/tqMeta.c b/source/dnode/vnode/src/tq/tqMeta.c index 5ad1680794..eb374ee85e 100644 --- a/source/dnode/vnode/src/tq/tqMeta.c +++ b/source/dnode/vnode/src/tq/tqMeta.c @@ -341,7 +341,11 @@ int32_t tqMetaCreateHandle(STQ* pTq, SMqRebVgReq* req, STqHandle* handle) { handle->execHandle.subType = req->subType; handle->fetchMeta = req->withMeta; if (req->subType == TOPIC_SUB_TYPE__COLUMN) { - handle->execHandle.execCol.qmsg = taosStrdup(req->qmsg); + void *tmp = taosStrdup(req->qmsg); + if (tmp == NULL) { + return TSDB_CODE_OUT_OF_MEMORY; + } + handle->execHandle.execCol.qmsg = tmp; } else if (req->subType == TOPIC_SUB_TYPE__DB) { handle->execHandle.execDb.pFilterOutTbUid = taosHashInit(64, taosGetDefaultHashFunction(TSDB_DATA_TYPE_BIGINT), false, HASH_ENTRY_LOCK); @@ -350,7 +354,11 @@ int32_t tqMetaCreateHandle(STQ* pTq, SMqRebVgReq* req, STqHandle* handle) { } }else if(req->subType == TOPIC_SUB_TYPE__TABLE){ handle->execHandle.execTb.suid = req->suid; - handle->execHandle.execTb.qmsg = taosStrdup(req->qmsg); + void *tmp = taosStrdup(req->qmsg); + if (tmp == NULL) { + return TSDB_CODE_OUT_OF_MEMORY; + } + handle->execHandle.execTb.qmsg = tmp; } handle->snapshotVer = walGetCommittedVer(pTq->pVnode->pWal); diff --git a/source/dnode/vnode/src/tq/tqScan.c b/source/dnode/vnode/src/tq/tqScan.c index 527001e679..70c21b5f00 100644 --- a/source/dnode/vnode/src/tq/tqScan.c +++ b/source/dnode/vnode/src/tq/tqScan.c @@ -69,6 +69,10 @@ static int32_t tqAddTbNameToRsp(const STQ* pTq, int64_t uid, void* pRsp, int32_t for (int32_t i = 0; i < n; i++) { char* tbName = taosStrdup(mr.me.name); + if (tbName == NULL) { + metaReaderClear(&mr); + return TSDB_CODE_OUT_OF_MEMORY; + } if(taosArrayPush(((SMqDataRspCommon*)pRsp)->blockTbName, &tbName) == NULL){ continue; } @@ -213,6 +217,10 @@ int32_t tqScanTaosx(STQ* pTq, const STqHandle* pHandle, STaosxRsp* pRsp, SMqBatc } } else { char* tbName = taosStrdup(qExtractTbnameFromTask(task)); + if (tbName == NULL) { + tqError("vgId:%d, failed to add tbname to rsp msg, null", pTq->pVnode->config.vgId); + return TSDB_CODE_OUT_OF_MEMORY; + } if (taosArrayPush(pRsp->common.blockTbName, &tbName) == NULL){ tqError("vgId:%d, failed to add tbname to rsp msg", pTq->pVnode->config.vgId); continue; diff --git a/source/libs/parser/src/parInsertSml.c b/source/libs/parser/src/parInsertSml.c index 929ec01f6a..47cf584a5d 100644 --- a/source/libs/parser/src/parInsertSml.c +++ b/source/libs/parser/src/parInsertSml.c @@ -273,7 +273,12 @@ int32_t smlBuildCol(STableDataCxt* pTableCxt, SSchema* schema, void* data, int32 pVal->value.pData = (uint8_t*)kv->value; } else if (kv->type == TSDB_DATA_TYPE_GEOMETRY || kv->type == TSDB_DATA_TYPE_VARBINARY) { pVal->value.nData = kv->length; - pVal->value.pData = taosMemoryMalloc(kv->length); + void* tmp = taosMemoryMalloc(kv->length); + if (NULL == tmp) { + ret = terrno; + goto end; + } + pVal->value.pData = tmp; (void)memcpy(pVal->value.pData, (uint8_t*)kv->value, kv->length); } else { (void)memcpy(&pVal->value.val, &(kv->value), kv->length);