From 883eb48bf2af4626e37e1798c8a1dfd734030a3d Mon Sep 17 00:00:00 2001 From: xjzhou Date: Thu, 20 Jun 2024 15:22:50 +0800 Subject: [PATCH] fix: stmt bind crashed when colIdx exceeds column nums --- source/client/src/clientStmt.c | 8 ++++++-- source/libs/parser/src/parInsertStmt.c | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/source/client/src/clientStmt.c b/source/client/src/clientStmt.c index 32d31585ea..0b907b8661 100644 --- a/source/client/src/clientStmt.c +++ b/source/client/src/clientStmt.c @@ -1258,8 +1258,12 @@ int stmtBindBatch(TAOS_STMT* stmt, TAOS_MULTI_BIND* bind, int32_t colIdx) { pStmt->bInfo.sBindRowNum = bind->num; } - qBindStmtSingleColValue(*pDataBlock, pCols, bind, pStmt->exec.pRequest->msgBuf, pStmt->exec.pRequest->msgBufLen, colIdx, - pStmt->bInfo.sBindRowNum); + code = qBindStmtSingleColValue(*pDataBlock, pCols, bind, pStmt->exec.pRequest->msgBuf, + pStmt->exec.pRequest->msgBufLen, colIdx, pStmt->bInfo.sBindRowNum); + if (code) { + tscError("qBindStmtSingleColValue failed, error:%s", tstrerror(code)); + STMT_ERR_RET(code); + } } int64_t startUs4 = taosGetTimestampUs(); diff --git a/source/libs/parser/src/parInsertStmt.c b/source/libs/parser/src/parInsertStmt.c index 648a119712..44f8bd90b0 100644 --- a/source/libs/parser/src/parInsertStmt.c +++ b/source/libs/parser/src/parInsertStmt.c @@ -410,6 +410,11 @@ int32_t qBindStmtSingleColValue(void* pBlock, SArray* pCols, TAOS_MULTI_BIND* bi return buildInvalidOperationMsg(&pBuf, "row number in each bind param should be the same"); } + // Column index exceeds the number of columns + if (colIdx >= pCols->size && pCol == NULL) { + return buildInvalidOperationMsg(&pBuf, "column index exceeds the number of columns"); + } + if (bind->buffer_type != pColSchema->type) { return buildInvalidOperationMsg(&pBuf, "column type mis-match with buffer type"); }