From b8d48e8ea0dcefdc51fcec6a32d19b0a96f66562 Mon Sep 17 00:00:00 2001 From: Bomin Zhang Date: Thu, 5 Nov 2020 11:36:46 +0800 Subject: [PATCH] [TD-1939]: possible crash in wildcard query --- src/tsdb/src/tsdbRead.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/tsdb/src/tsdbRead.c b/src/tsdb/src/tsdbRead.c index 90e16aee53..4916a2d306 100644 --- a/src/tsdb/src/tsdbRead.c +++ b/src/tsdb/src/tsdbRead.c @@ -2311,7 +2311,11 @@ void filterPrepare(void* expr, void* param) { if (pInfo->optr == TSDB_RELATION_IN) { pInfo->q = (char*) pCond->arr; } else { - pInfo->q = calloc(1, pSchema->bytes + TSDB_NCHAR_SIZE); // to make sure tonchar does not cause invalid write, since the '\0' needs at least sizeof(wchar_t) space. + uint32_t size = pCond->nLen * TSDB_NCHAR_SIZE; + if (size < (uint32_t)pSchema->bytes) { + size = pSchema->bytes; + } + pInfo->q = calloc(1, size + TSDB_NCHAR_SIZE); // to make sure tonchar does not cause invalid write, since the '\0' needs at least sizeof(wchar_t) space. tVariantDump(pCond, pInfo->q, pSchema->type, true); } }