From a960f0ff790a3fc868171cd927753c34e8625d1c Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Mon, 26 Jul 2021 18:38:37 +0800 Subject: [PATCH 01/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/TSDBJNIConnector.c | 15 +++++++++-- src/client/src/tscParseLineProtocol.c | 39 ++++++++++++++++++++++++--- src/client/src/tscPrepare.c | 4 +-- src/client/src/tscSQLParser.c | 13 ++++++--- src/client/src/tscServer.c | 6 ++++- src/common/src/tname.c | 2 +- 6 files changed, 67 insertions(+), 12 deletions(-) diff --git a/src/client/src/TSDBJNIConnector.c b/src/client/src/TSDBJNIConnector.c index c9b00800e6..667a689979 100644 --- a/src/client/src/TSDBJNIConnector.c +++ b/src/client/src/TSDBJNIConnector.c @@ -728,6 +728,7 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_prepareStmtImp(J int32_t code = taos_stmt_prepare(pStmt, str, len); if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, tscon, tstrerror(code)); + free(str); return JNI_TDENGINE_ERROR; } @@ -919,6 +920,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI char* curTags = tagsData; TAOS_BIND *tagsBind = calloc(numOfTags, sizeof(TAOS_BIND)); + if (tagsBind == NULL) { + jniError("numOfTags:%d, alloc memory failed", numOfTags); + return JNI_OUT_OF_MEMORY; + } for(int32_t i = 0; i < numOfTags; ++i) { tagsBind[i].buffer_type = typeArray[i]; tagsBind[i].buffer = curTags; @@ -941,9 +946,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, tsconn, tstrerror(code)); + free(tagsBind); return JNI_TDENGINE_ERROR; } - + free(tagsBind); return JNI_SUCCESS; } @@ -957,7 +963,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J int numLines = (*env)->GetArrayLength(env, lines); char** c_lines = calloc(numLines, sizeof(char*)); - + if (c_lines == NULL) { + jniError("c_lines:%d, alloc memory failed", c_lines); + return JNI_OUT_OF_MEMORY; + } for (int i = 0; i < numLines; ++i) { jstring line = (jstring) ((*env)->GetObjectArrayElement(env, lines, i)); c_lines[i] = (char*)(*env)->GetStringUTFChars(env, line, 0); @@ -972,8 +981,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, taos, tstrerror(code)); + free(c_lines); return JNI_TDENGINE_ERROR; } + free(c_lines); return code; } \ No newline at end of file diff --git a/src/client/src/tscParseLineProtocol.c b/src/client/src/tscParseLineProtocol.c index d5883af7f6..f0e5017355 100644 --- a/src/client/src/tscParseLineProtocol.c +++ b/src/client/src/tscParseLineProtocol.c @@ -411,6 +411,11 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) { taos_free_result(res); SSqlObj* pSql = calloc(1, sizeof(SSqlObj)); + if (pSql == NULL){ + tscError("failed to allocate memory, reason:%s", strerror(errno)); + code = TSDB_CODE_TSC_OUT_OF_MEMORY; + return code; + } pSql->pTscObj = taos; pSql->signature = pSql; pSql->fp = NULL; @@ -421,11 +426,13 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) { if (tscValidateName(&tableToken) != TSDB_CODE_SUCCESS) { code = TSDB_CODE_TSC_INVALID_TABLE_ID_LENGTH; sprintf(pSql->cmd.payload, "table name is invalid"); + tscFreeSqlObj(pSql); return code; } SName sname = {0}; if ((code = tscSetTableFullName(&sname, &tableToken, pSql)) != TSDB_CODE_SUCCESS) { + tscFreeSqlObj(pSql); return code; } char fullTableName[TSDB_TABLE_FNAME_LEN] = {0}; @@ -607,6 +614,10 @@ static int32_t changeChildTableTagValue(TAOS* taos, const char* cTableName, cons static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, const char* sTableName, SArray* tagsSchema, SArray* tagsBind) { size_t numTags = taosArrayGetSize(tagsSchema); char* sql = malloc(tsMaxSQLStringLen+1); + if (sql == NULL) { + tscError("malloc sql memory error"); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } int freeBytes = tsMaxSQLStringLen + 1; sprintf(sql, "create table if not exists %s using %s", cTableName, sTableName); @@ -628,24 +639,31 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co tscDebug("create table : %s", sql); TAOS_STMT* stmt = taos_stmt_init(taos); + if (stmt == NULL) { + free(sql); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } int32_t code; code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql)); free(sql); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } code = taos_stmt_bind_param(stmt, TARRAY_GET_START(tagsBind)); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } code = taos_stmt_execute(stmt); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } @@ -660,6 +678,11 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* colsSchema, SArray* rowsBind) { size_t numCols = taosArrayGetSize(colsSchema); char* sql = malloc(tsMaxSQLStringLen+1); + if (sql == NULL) { + tscError("malloc sql memory error"); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } + int32_t freeBytes = tsMaxSQLStringLen + 1 ; sprintf(sql, "insert into ? ("); @@ -681,11 +704,15 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols int32_t try = 0; TAOS_STMT* stmt = taos_stmt_init(taos); - + if (stmt == NULL) { + free(sql); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql)); free(sql); if (code != 0) { + free(stmt); tscError("%s", taos_stmt_errstr(stmt)); return code; } @@ -694,6 +721,7 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols code = taos_stmt_set_tbname(stmt, cTableName); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } @@ -703,11 +731,13 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols code = taos_stmt_bind_param(stmt, colsBinds); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } code = taos_stmt_add_batch(stmt); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); + free(stmt); return code; } } @@ -1627,7 +1657,7 @@ static int32_t parseSmlTimeStamp(TAOS_SML_KV **pTS, const char **index) { static int32_t parseSmlKey(TAOS_SML_KV *pKV, const char **index) { const char *cur = *index; - char key[TSDB_COL_NAME_LEN]; + char key[TSDB_COL_NAME_LEN + 1]; // +1 to avoid 1685 line over write uint16_t len = 0; //key field cannot start with digit @@ -1704,7 +1734,10 @@ static int32_t parseSmlMeasurement(TAOS_SML_DATA_POINT *pSml, const char **index const char *cur = *index; uint16_t len = 0; - pSml->stableName = calloc(TSDB_TABLE_NAME_LEN, 1); + pSml->stableName = calloc(TSDB_TABLE_NAME_LEN + 1, 1); // +1 to avoid 1772 line over write + if (pSml->stableName == NULL){ + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } if (isdigit(*cur)) { tscError("Measurement field cannnot start with digit"); free(pSml->stableName); diff --git a/src/client/src/tscPrepare.c b/src/client/src/tscPrepare.c index 7306523660..efdc24c899 100644 --- a/src/client/src/tscPrepare.c +++ b/src/client/src/tscPrepare.c @@ -1628,8 +1628,8 @@ int taos_stmt_set_tbname_tags(TAOS_STMT* stmt, const char* name, TAOS_BIND* tags if (pStmt->mtb.subSet && taosHashGetSize(pStmt->mtb.pTableHash) > 0) { STableMetaInfo* pTableMetaInfo = tscGetTableMetaInfoFromCmd(pCmd, 0); STableMeta* pTableMeta = pTableMetaInfo->pTableMeta; - char sTableName[TSDB_TABLE_FNAME_LEN]; - strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName)); + char sTableName[TSDB_TABLE_FNAME_LEN + 1] = {0}; + strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName) - 1); SStrToken tname = {0}; tname.type = TK_STRING; diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index 9a3b36895d..2d5a3d524e 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -421,7 +421,8 @@ int32_t readFromFile(char *name, uint32_t *len, void **buf) { tfree(*buf); return TSDB_CODE_TSC_APP_ERROR; } - + close(fd); + tfree(*buf); return TSDB_CODE_SUCCESS; } @@ -8110,7 +8111,8 @@ int32_t loadAllTableMeta(SSqlObj* pSql, struct SSqlInfo* pInfo) { assert(maxSize < 80 * TSDB_MAX_COLUMNS); if (!pSql->pBuf) { if (NULL == (pSql->pBuf = tcalloc(1, 80 * TSDB_MAX_COLUMNS))) { - return TSDB_CODE_TSC_OUT_OF_MEMORY; + code = TSDB_CODE_TSC_OUT_OF_MEMORY; + goto _end; } } pTableMeta = calloc(1, maxSize); @@ -8351,14 +8353,18 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS // create dummy table meta info STableMetaInfo* pTableMetaInfo1 = calloc(1, sizeof(STableMetaInfo)); + if (pTableMetaInfo1 == NULL) { + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } pTableMetaInfo1->pTableMeta = extractTempTableMetaFromSubquery(pSub); if (subInfo->aliasName.n > 0) { if (subInfo->aliasName.n >= TSDB_TABLE_FNAME_LEN) { + free(pTableMetaInfo1); return invalidOperationMsg(msgBuf, "subquery alias name too long"); } - strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, subInfo->aliasName.n); + strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName) - 1)); } taosArrayPush(pQueryInfo->pUpstream, &pSub); @@ -8368,6 +8374,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS STableMetaInfo** tmp = realloc(pQueryInfo->pTableMetaInfo, (pQueryInfo->numOfTables + 1) * POINTER_BYTES); if (tmp == NULL) { + free(pTableMetaInfo1); return TSDB_CODE_TSC_OUT_OF_MEMORY; } diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index f5d6765a5d..401e65efd4 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -164,7 +164,7 @@ static void tscUpdateVgroupInfo(SSqlObj *pSql, SRpcEpSet *pEpSet) { vgroupInfo.inUse = pEpSet->inUse; vgroupInfo.numOfEps = pEpSet->numOfEps; for (int32_t i = 0; i < vgroupInfo.numOfEps; i++) { - strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); + strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); // buffer not null terminated risk vgroupInfo.ep[i].port = pEpSet->port[i]; } @@ -2048,8 +2048,12 @@ int tscProcessTableMetaRsp(SSqlObj *pSql) { assert(pTableMetaInfo->pTableMeta == NULL); STableMeta* pTableMeta = tscCreateTableMetaFromMsg(pMetaMsg); + if (pTableMeta == NULL){ + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } if (!tIsValidSchema(pTableMeta->schema, pTableMeta->tableInfo.numOfColumns, pTableMeta->tableInfo.numOfTags)) { tscError("0x%"PRIx64" invalid table meta from mnode, name:%s", pSql->self, tNameGetTableName(&pTableMetaInfo->name)); + free(pTableMeta); return TSDB_CODE_TSC_INVALID_VALUE; } diff --git a/src/common/src/tname.c b/src/common/src/tname.c index 26502c5d9c..5da48b2e9a 100644 --- a/src/common/src/tname.c +++ b/src/common/src/tname.c @@ -319,7 +319,7 @@ int32_t tNameGetDbName(const SName* name, char* dst) { int32_t tNameGetFullDbName(const SName* name, char* dst) { assert(name != NULL && dst != NULL); - snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN, + snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN, // there is a over write risk "%s.%s", name->acctId, name->dbname); return 0; } From eaed6da8cede10b8960d69791950a9731735ab78 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 13:57:22 +0800 Subject: [PATCH 02/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscGlobalmerge.c | 7 ++++++- src/client/src/tscSql.c | 10 +++++++++- src/client/src/tscSubquery.c | 3 ++- src/client/src/tscUtil.c | 8 ++++++-- src/query/inc/qExecutor.h | 1 + src/query/src/qExecutor.c | 23 ++++++++++++----------- src/query/src/qPlan.c | 4 ++++ 7 files changed, 40 insertions(+), 16 deletions(-) diff --git a/src/client/src/tscGlobalmerge.c b/src/client/src/tscGlobalmerge.c index 8ca8c688f0..9c9bac5951 100644 --- a/src/client/src/tscGlobalmerge.c +++ b/src/client/src/tscGlobalmerge.c @@ -135,7 +135,7 @@ int32_t tscCreateGlobalMerger(tExtMemBuffer **pMemBuffer, int32_t numOfBuffer, t SLocalDataSource *ds = (SLocalDataSource *)malloc(sizeof(SLocalDataSource) + pMemBuffer[0]->pageSize); if (ds == NULL) { tscError("0x%"PRIx64" failed to create merge structure", id); - tfree(pMerger); + tfree(*pMerger); return TSDB_CODE_TSC_OUT_OF_MEMORY; } @@ -443,6 +443,10 @@ int32_t tscCreateGlobalMergerEnv(SQueryInfo *pQueryInfo, tExtMemBuffer ***pMemBu } pModel = createColumnModel(pSchema, (int32_t)size, capacity); + if (pModel == NULL){ + tfree(pSchema); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } tfree(pSchema); int32_t pg = DEFAULT_PAGE_SIZE; @@ -458,6 +462,7 @@ int32_t tscCreateGlobalMergerEnv(SQueryInfo *pQueryInfo, tExtMemBuffer ***pMemBu } if (createOrderDescriptor(pOrderDesc, pQueryInfo, pModel) != TSDB_CODE_SUCCESS) { + tfree(pModel); return TSDB_CODE_TSC_OUT_OF_MEMORY; } diff --git a/src/client/src/tscSql.c b/src/client/src/tscSql.c index 7675bded65..b6e2604bd2 100644 --- a/src/client/src/tscSql.c +++ b/src/client/src/tscSql.c @@ -963,8 +963,14 @@ int taos_load_table_info(TAOS *taos, const char *tableNameList) { strtolower(str, tableNameList); SArray* plist = taosArrayInit(4, POINTER_BYTES); + if (plist == NULL) { + tfree(str); + return TSDB_CODE_TSC_OUT_OF_MEMORY; + } + SArray* vgroupList = taosArrayInit(4, POINTER_BYTES); - if (plist == NULL || vgroupList == NULL) { + if (vgroupList == NULL) { + taosArrayDestroy(plist); tfree(str); return TSDB_CODE_TSC_OUT_OF_MEMORY; } @@ -980,6 +986,8 @@ int taos_load_table_info(TAOS *taos, const char *tableNameList) { if (code != TSDB_CODE_SUCCESS) { tscFreeSqlObj(pSql); + taosArrayDestroyEx(plist); + taosArrayDestroyEx(vgroupList); return code; } diff --git a/src/client/src/tscSubquery.c b/src/client/src/tscSubquery.c index b72bd78b1b..73794a3aa4 100644 --- a/src/client/src/tscSubquery.c +++ b/src/client/src/tscSubquery.c @@ -2476,8 +2476,9 @@ int32_t tscHandleMasterSTableQuery(SSqlObj *pSql) { pState->states = calloc(pState->numOfSub, sizeof(*pState->states)); if (pState->states == NULL) { pRes->code = TSDB_CODE_TSC_OUT_OF_MEMORY; + tscDestroyGlobalMergerEnv(pMemoryBuf, pDesc,pState->numOfSub); + tscAsyncResultOnError(pSql); - tfree(pMemoryBuf); return ret; } diff --git a/src/client/src/tscUtil.c b/src/client/src/tscUtil.c index 0d69fe173f..08950b93e3 100644 --- a/src/client/src/tscUtil.c +++ b/src/client/src/tscUtil.c @@ -1246,6 +1246,10 @@ void handleDownstreamOperator(SSqlObj** pSqlObjList, int32_t numOfUpstream, SQue } pSourceOperator = createJoinOperatorInfo(p, px->numOfTables, schema, num); + + for(int32_t i = 0; i < px->numOfTables; ++i) { + destroyOperatorInfo(p[i]); + } tfree(p); } else { size_t num = taosArrayGetSize(px->colList); @@ -4368,7 +4372,7 @@ int32_t tscCreateTableMetaFromSTableMeta(STableMeta* pChild, const char* name, v pChild->sversion = p->sversion; pChild->tversion = p->tversion; - memcpy(&pChild->tableInfo, &p->tableInfo, sizeof(STableInfo)); + memcpy(&pChild->tableInfo, &p->tableInfo, sizeof(STableComInfo)); int32_t total = pChild->tableInfo.numOfColumns + pChild->tableInfo.numOfTags; memcpy(pChild->schema, p->schema, sizeof(SSchema) *total); @@ -4719,7 +4723,7 @@ static int32_t doAddTableName(char* nextStr, char** str, SArray* pNameArray, SSq int32_t len = 0; if (nextStr == NULL) { - strncpy(tablename, *str, TSDB_TABLE_FNAME_LEN); + strncpy(tablename, *str, TSDB_TABLE_FNAME_LEN - 1); len = (int32_t) strlen(tablename); } else { len = (int32_t)(nextStr - (*str)); diff --git a/src/query/inc/qExecutor.h b/src/query/inc/qExecutor.h index 4581ba258d..71e9792bd8 100644 --- a/src/query/inc/qExecutor.h +++ b/src/query/inc/qExecutor.h @@ -578,6 +578,7 @@ void doCompactSDataBlock(SSDataBlock* pBlock, int32_t numOfRows, int8_t* p); SSDataBlock* createOutputBuf(SExprInfo* pExpr, int32_t numOfOutput, int32_t numOfRows); void* destroyOutputBuf(SSDataBlock* pBlock); void* doDestroyFilterInfo(SSingleColumnFilterInfo* pFilterInfo, int32_t numOfFilterCols); +void destroyOperatorInfo(SOperatorInfo* pOperator); void setInputDataBlock(SOperatorInfo* pOperator, SQLFunctionCtx* pCtx, SSDataBlock* pBlock, int32_t order); int32_t getNumOfResult(SQueryRuntimeEnv *pRuntimeEnv, SQLFunctionCtx* pCtx, int32_t numOfOutput); diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c index 982c45c441..7e3e542f5e 100644 --- a/src/query/src/qExecutor.c +++ b/src/query/src/qExecutor.c @@ -191,8 +191,6 @@ static void destroyTagScanOperatorInfo(void* param, int32_t numOfOutput); static void destroySWindowOperatorInfo(void* param, int32_t numOfOutput); static void destroyStateWindowOperatorInfo(void* param, int32_t numOfOutput); static void destroyAggOperatorInfo(void* param, int32_t numOfOutput); -static void destroyOperatorInfo(SOperatorInfo* pOperator); - static int32_t doCopyToSDataBlock(SQueryRuntimeEnv* pRuntimeEnv, SGroupResInfo* pGroupResInfo, int32_t orderType, SSDataBlock* pBlock); @@ -3563,6 +3561,7 @@ STableQueryInfo* createTmpTableQueryInfo(STimeWindow win) { int32_t initialSize = 16; int32_t code = initResultRowInfo(&pTableQueryInfo->resInfo, initialSize, TSDB_DATA_TYPE_INT); if (code != TSDB_CODE_SUCCESS) { + tfree(pTableQueryInfo); return NULL; } @@ -5945,7 +5944,7 @@ static int32_t getNumOfScanTimes(SQueryAttr* pQueryAttr) { return 1; } -static void destroyOperatorInfo(SOperatorInfo* pOperator) { +void destroyOperatorInfo(SOperatorInfo* pOperator) { if (pOperator == NULL) { return; } @@ -7241,9 +7240,7 @@ void destroyUdfInfo(SUdfInfo* pUdfInfo) { tfree(pUdfInfo); } -static char* getUdfFuncName(char* name, int type) { - char* funcname = calloc(1, TSDB_FUNCTIONS_NAME_MAX_LENGTH + 10); - +static char* getUdfFuncName(char* funcname, char* name, int type) { switch (type) { case TSDB_UDF_FUNC_NORMAL: strcpy(funcname, name); @@ -7314,19 +7311,20 @@ int32_t initUdfInfo(SUdfInfo* pUdfInfo) { return TSDB_CODE_QRY_SYS_ERROR; } - pUdfInfo->funcs[TSDB_UDF_FUNC_NORMAL] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(pUdfInfo->name, TSDB_UDF_FUNC_NORMAL)); + char funcname[TSDB_FUNCTIONS_NAME_MAX_LENGTH + 10] = {0}; + pUdfInfo->funcs[TSDB_UDF_FUNC_NORMAL] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(funcname, pUdfInfo->name, TSDB_UDF_FUNC_NORMAL)); if (NULL == pUdfInfo->funcs[TSDB_UDF_FUNC_NORMAL]) { return TSDB_CODE_QRY_SYS_ERROR; } - pUdfInfo->funcs[TSDB_UDF_FUNC_INIT] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(pUdfInfo->name, TSDB_UDF_FUNC_INIT)); + pUdfInfo->funcs[TSDB_UDF_FUNC_INIT] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(funcname, pUdfInfo->name, TSDB_UDF_FUNC_INIT)); if (pUdfInfo->funcType == TSDB_UDF_TYPE_AGGREGATE) { - pUdfInfo->funcs[TSDB_UDF_FUNC_FINALIZE] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(pUdfInfo->name, TSDB_UDF_FUNC_FINALIZE)); - pUdfInfo->funcs[TSDB_UDF_FUNC_MERGE] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(pUdfInfo->name, TSDB_UDF_FUNC_MERGE)); + pUdfInfo->funcs[TSDB_UDF_FUNC_FINALIZE] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(funcname, pUdfInfo->name, TSDB_UDF_FUNC_FINALIZE)); + pUdfInfo->funcs[TSDB_UDF_FUNC_MERGE] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(funcname, pUdfInfo->name, TSDB_UDF_FUNC_MERGE)); } - pUdfInfo->funcs[TSDB_UDF_FUNC_DESTROY] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(pUdfInfo->name, TSDB_UDF_FUNC_DESTROY)); + pUdfInfo->funcs[TSDB_UDF_FUNC_DESTROY] = taosLoadSym(pUdfInfo->handle, getUdfFuncName(funcname, pUdfInfo->name, TSDB_UDF_FUNC_DESTROY)); if (pUdfInfo->funcs[TSDB_UDF_FUNC_INIT]) { return (*(udfInitFunc)pUdfInfo->funcs[TSDB_UDF_FUNC_INIT])(&pUdfInfo->init); @@ -7398,10 +7396,12 @@ int32_t createQueryFunc(SQueriedTableInfo* pTableInfo, int32_t numOfOutput, SExp int32_t j = getColumnIndexInSource(pTableInfo, &pExprs[i].base, pTagCols); if (TSDB_COL_IS_TAG(pExprs[i].base.colInfo.flag)) { if (j < TSDB_TBNAME_COLUMN_INDEX || j >= pTableInfo->numOfTags) { + tfree(pExprs); return TSDB_CODE_QRY_INVALID_MSG; } } else { if (j < PRIMARYKEY_TIMESTAMP_COL_INDEX || j >= pTableInfo->numOfCols) { + tfree(pExprs); return TSDB_CODE_QRY_INVALID_MSG; } } @@ -7421,6 +7421,7 @@ int32_t createQueryFunc(SQueriedTableInfo* pTableInfo, int32_t numOfOutput, SExp int32_t ret = cloneExprFilterInfo(&pExprs[i].base.flist.filterInfo, pExprMsg[i]->flist.filterInfo, pExprMsg[i]->flist.numOfFilters); if (ret) { + tfree(pExprs); return ret; } } diff --git a/src/query/src/qPlan.c b/src/query/src/qPlan.c index e724b0418c..2772e76abe 100644 --- a/src/query/src/qPlan.c +++ b/src/query/src/qPlan.c @@ -222,6 +222,7 @@ SArray* createQueryPlanImpl(SQueryInfo* pQueryInfo) { if (pQueryInfo->numOfTables > 1) { // it is a join query // 1. separate the select clause according to table + taosArrayDestroy(upstream); upstream = taosArrayInit(5, POINTER_BYTES); for(int32_t i = 0; i < pQueryInfo->numOfTables; ++i) { @@ -231,6 +232,7 @@ SArray* createQueryPlanImpl(SQueryInfo* pQueryInfo) { SArray* exprList = taosArrayInit(4, POINTER_BYTES); if (tscExprCopy(exprList, pQueryInfo->exprList, uid, true) != 0) { terrno = TSDB_CODE_TSC_OUT_OF_MEMORY; + tscExprDestroy(exprList); exit(-1); } @@ -245,6 +247,8 @@ SArray* createQueryPlanImpl(SQueryInfo* pQueryInfo) { // 4. add the projection query node SQueryNode* pNode = doAddTableColumnNode(pQueryInfo, pTableMetaInfo, &info, exprList, tableColumnList); + tscColumnListDestroy(tableColumnList); + tscExprDestroy(exprList); taosArrayPush(upstream, &pNode); } From 3e96e6452179255d88443f205a2c6e1dd352bea3 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 17:05:37 +0800 Subject: [PATCH 03/13] [TD-5534]:fix the coverity medium risk of client --- src/client/src/tscAsync.c | 3 --- src/client/src/tscLocal.c | 8 ++++++-- src/client/src/tscParseInsert.c | 2 +- src/client/src/tscParseLineProtocol.c | 4 ---- src/client/src/tscPrepare.c | 4 +++- src/client/src/tscSQLParser.c | 16 +++++++++------- src/client/src/tscServer.c | 9 +++++++-- src/client/src/tscStream.c | 2 +- src/client/src/tscSubquery.c | 3 +++ src/client/src/tscUtil.c | 17 ++++------------- src/query/inc/qTableMeta.h | 2 +- src/query/src/qExecutor.c | 11 ++++++++--- src/query/src/qPlan.c | 2 +- src/query/src/qResultbuf.c | 5 +++-- src/query/src/qScript.c | 8 +++++--- src/query/src/qSqlParser.c | 24 +++++++++++++++--------- src/query/src/qTableMeta.c | 2 +- src/query/src/queryMain.c | 2 +- src/util/inc/tlist.h | 2 +- 19 files changed, 70 insertions(+), 56 deletions(-) diff --git a/src/client/src/tscAsync.c b/src/client/src/tscAsync.c index d857d00e15..3c5036cc1a 100644 --- a/src/client/src/tscAsync.c +++ b/src/client/src/tscAsync.c @@ -493,9 +493,6 @@ void tscTableMetaCallBack(void *param, TAOS_RES *res, int code) { return; } - taosReleaseRef(tscObjRef, pSql->self); - return; - _error: pRes->code = code; tscAsyncResultOnError(pSql); diff --git a/src/client/src/tscLocal.c b/src/client/src/tscLocal.c index d1a325be35..e49f4e33ae 100644 --- a/src/client/src/tscLocal.c +++ b/src/client/src/tscLocal.c @@ -851,15 +851,19 @@ static int32_t tscProcessServStatus(SSqlObj *pSql) { SSqlObj* pHb = (SSqlObj*)taosAcquireRef(tscObjRef, pObj->hbrid); if (pHb != NULL) { pSql->res.code = pHb->res.code; - taosReleaseRef(tscObjRef, pObj->hbrid); } if (pSql->res.code == TSDB_CODE_RPC_NETWORK_UNAVAIL) { + taosReleaseRef(tscObjRef, pObj->hbrid); return pSql->res.code; } - pSql->res.code = checkForOnlineNode(pHb); + if (pHb != NULL) { + pSql->res.code = checkForOnlineNode(pHb); + } + if (pSql->res.code == TSDB_CODE_RPC_NETWORK_UNAVAIL) { + taosReleaseRef(tscObjRef, pObj->hbrid); return pSql->res.code; } diff --git a/src/client/src/tscParseInsert.c b/src/client/src/tscParseInsert.c index f24f7a7ecb..8ecc58eb55 100644 --- a/src/client/src/tscParseInsert.c +++ b/src/client/src/tscParseInsert.c @@ -2105,7 +2105,7 @@ static void parseFileSendDataBlock(void *param, TAOS_RES *tres, int32_t numOfRow pParentSql->fp = pParentSql->fetchFp; // all data has been sent to vnode, call user function - int32_t v = (code != TSDB_CODE_SUCCESS) ? code : (int32_t)pParentSql->res.numOfRows; + int32_t v = (int32_t)pParentSql->res.numOfRows; (*pParentSql->fp)(pParentSql->param, pParentSql, v); return; } diff --git a/src/client/src/tscParseLineProtocol.c b/src/client/src/tscParseLineProtocol.c index f0e5017355..4b5416c6b9 100644 --- a/src/client/src/tscParseLineProtocol.c +++ b/src/client/src/tscParseLineProtocol.c @@ -438,10 +438,6 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) { char fullTableName[TSDB_TABLE_FNAME_LEN] = {0}; memset(fullTableName, 0, tListLen(fullTableName)); tNameExtractFullName(&sname, fullTableName); - if (code != TSDB_CODE_SUCCESS) { - tscFreeSqlObj(pSql); - return code; - } tscFreeSqlObj(pSql); schema->tags = taosArrayInit(8, sizeof(SSchema)); diff --git a/src/client/src/tscPrepare.c b/src/client/src/tscPrepare.c index efdc24c899..9ff3a0e2dd 100644 --- a/src/client/src/tscPrepare.c +++ b/src/client/src/tscPrepare.c @@ -1773,7 +1773,9 @@ int taos_stmt_close(TAOS_STMT* stmt) { } tscDestroyDataBlock(pStmt->mtb.lastBlock, rmMeta); pStmt->mtb.pTableBlockHashList = tscDestroyBlockHashTable(pStmt->mtb.pTableBlockHashList, rmMeta); - taosHashCleanup(pStmt->pSql->cmd.insertParam.pTableBlockHashList); + if (pStmt->pSql){ + taosHashCleanup(pStmt->pSql->cmd.insertParam.pTableBlockHashList); + } pStmt->pSql->cmd.insertParam.pTableBlockHashList = NULL; taosArrayDestroy(pStmt->mtb.tags); tfree(pStmt->mtb.sqlstr); diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index 2d5a3d524e..1fac9c9a40 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -6860,7 +6860,8 @@ static int32_t doAddGroupbyColumnsOnDemand(SSqlCmd* pCmd, SQueryInfo* pQueryInfo tagSchema = tscGetTableTagSchema(pTableMetaInfo->pTableMeta); } - SSchema* s = NULL; + SSchema tmp = {.type = 0, .name = "", .colId = 0, .bytes = 0}; + SSchema* s = &tmp; for (int32_t i = 0; i < pQueryInfo->groupbyExpr.numOfGroupCols; ++i) { SColIndex* pColIndex = taosArrayGet(pQueryInfo->groupbyExpr.columnInfo, i); @@ -6870,7 +6871,9 @@ static int32_t doAddGroupbyColumnsOnDemand(SSqlCmd* pCmd, SQueryInfo* pQueryInfo s = tGetTbnameColumnSchema(); } else { if (TSDB_COL_IS_TAG(pColIndex->flag)) { - s = &tagSchema[colIndex]; + if(tagSchema){ + s = &tagSchema[colIndex]; + } } else { s = &pSchema[colIndex]; } @@ -8276,17 +8279,16 @@ static int32_t doLoadAllTableMeta(SSqlObj* pSql, SQueryInfo* pQueryInfo, SSqlNod const char* name = tNameGetTableName(&pTableMetaInfo->name); STableMetaVgroupInfo* p = taosHashGet(pCmd->pTableMetaMap, name, strlen(name)); - + if(!p){ + tscError("taosHashGet meta null. name:%s", name); + return TSDB_CODE_TSC_APP_ERROR; + } pTableMetaInfo->pTableMeta = tscTableMetaDup(p->pTableMeta); assert(pTableMetaInfo->pTableMeta != NULL); if (p->pVgroupInfo != NULL) { pTableMetaInfo->vgroupList = tscVgroupsInfoDup(p->pVgroupInfo); } - - if (code != TSDB_CODE_SUCCESS) { - return code; - } } return TSDB_CODE_SUCCESS; diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index 401e65efd4..0748780e1a 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -691,7 +691,9 @@ static char *doSerializeTableInfo(SQueryTableMsg *pQueryMsg, SSqlObj *pSql, STab tscDumpEpSetFromVgroupInfo(&pSql->epSet, &vgroupInfo); } - pSql->epSet.inUse = rand()%pSql->epSet.numOfEps; + if (pSql->epSet.numOfEps > 0){ + pSql->epSet.inUse = rand()%pSql->epSet.numOfEps; + } pQueryMsg->head.vgId = htonl(vgId); STableIdInfo *pTableIdInfo = (STableIdInfo *)pMsg; @@ -968,7 +970,7 @@ int tscBuildQueryMsg(SSqlObj *pSql, SSqlInfo *pInfo) { } } - if (query.numOfTags > 0) { + if (query.numOfTags > 0 && query.tagColList != NULL) { for (int32_t i = 0; i < query.numOfTags; ++i) { SColumnInfo* pTag = &query.tagColList[i]; @@ -2351,6 +2353,9 @@ int tscProcessSTableVgroupRsp(SSqlObj *pSql) { break; } + if (!pInfo){ + continue; + } int32_t size = 0; pInfo->vgroupList = createVgroupInfoFromMsg(pMsg, &size, pSql->self); pMsg += size; diff --git a/src/client/src/tscStream.c b/src/client/src/tscStream.c index da5bdf669f..a4d314cb42 100644 --- a/src/client/src/tscStream.c +++ b/src/client/src/tscStream.c @@ -271,7 +271,7 @@ static void tscProcessStreamRetrieveResult(void *param, TAOS_RES *res, int numOf if (pSql == NULL || numOfRows < 0) { int64_t retryDelayTime = tscGetRetryDelayTime(pStream, pStream->interval.sliding, pStream->precision); - tscError("0x%"PRIx64" stream:%p, retrieve data failed, code:0x%08x, retry in %" PRId64 " ms", pSql->self, pStream, numOfRows, retryDelayTime); + tscError("stream:%p, retrieve data failed, code:0x%08x, retry in %" PRId64 " ms", pStream, numOfRows, retryDelayTime); tscSetRetryTimer(pStream, pStream->pSql, retryDelayTime); return; diff --git a/src/client/src/tscSubquery.c b/src/client/src/tscSubquery.c index 73794a3aa4..bef5992d53 100644 --- a/src/client/src/tscSubquery.c +++ b/src/client/src/tscSubquery.c @@ -2723,6 +2723,9 @@ void tscHandleSubqueryError(SRetrieveSupport *trsupport, SSqlObj *pSql, int numO } static void tscAllDataRetrievedFromDnode(SRetrieveSupport *trsupport, SSqlObj* pSql) { + if (trsupport->pExtMemBuffer == NULL){ + return; + } int32_t idx = trsupport->subqueryIndex; SSqlObj * pParentSql = trsupport->pParentSql; tOrderDescriptor *pDesc = trsupport->pOrderDescriptor; diff --git a/src/client/src/tscUtil.c b/src/client/src/tscUtil.c index 08950b93e3..7e36cce50e 100644 --- a/src/client/src/tscUtil.c +++ b/src/client/src/tscUtil.c @@ -275,16 +275,6 @@ bool tscIsProjectionQuery(SQueryInfo* pQueryInfo) { f != TSDB_FUNC_DERIVATIVE) { return false; } - - if (f < 0) { - SUdfInfo* pUdfInfo = taosArrayGet(pQueryInfo->pUdfInfo, -1 * f - 1); - if (pUdfInfo->funcType == TSDB_UDF_TYPE_AGGREGATE) { - return false; - } - - continue; - } - } return true; @@ -3420,7 +3410,7 @@ STableMetaInfo* tscAddTableMetaInfo(SQueryInfo* pQueryInfo, SName* name, STableM return NULL; } - if (pTagCols != NULL) { + if (pTagCols != NULL && pTableMetaInfo->pTableMeta != NULL) { tscColumnListCopy(pTableMetaInfo->tagColList, pTagCols, pTableMetaInfo->pTableMeta->id.uid); } @@ -3851,7 +3841,8 @@ void executeQuery(SSqlObj* pSql, SQueryInfo* pQueryInfo) { SSqlObj* pNew = (SSqlObj*)calloc(1, sizeof(SSqlObj)); if (pNew == NULL) { terrno = TSDB_CODE_TSC_OUT_OF_MEMORY; - // return NULL; + tscError("pNew == NULL, out of memory"); + return; } pNew->pTscObj = pSql->pTscObj; @@ -4339,7 +4330,7 @@ uint32_t tscGetTableMetaSize(STableMeta* pTableMeta) { assert(pTableMeta != NULL); int32_t totalCols = 0; - if (pTableMeta->tableInfo.numOfColumns >= 0 && pTableMeta->tableInfo.numOfTags >= 0) { + if (pTableMeta->tableInfo.numOfColumns >= 0) { totalCols = pTableMeta->tableInfo.numOfColumns + pTableMeta->tableInfo.numOfTags; } diff --git a/src/query/inc/qTableMeta.h b/src/query/inc/qTableMeta.h index 56eea6429f..daef726ca6 100644 --- a/src/query/inc/qTableMeta.h +++ b/src/query/inc/qTableMeta.h @@ -60,7 +60,7 @@ typedef struct STableComInfo { typedef struct STableMeta { int32_t vgId; STableId id; - uint8_t tableType; + int8_t tableType; char sTableName[TSDB_TABLE_FNAME_LEN]; // super table name uint64_t suid; // super table id int16_t sversion; diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c index 7e3e542f5e..11624ddffc 100644 --- a/src/query/src/qExecutor.c +++ b/src/query/src/qExecutor.c @@ -30,6 +30,7 @@ #include "tcompare.h" #include "tscompression.h" #include "qScript.h" +#include "tscLog.h" #define IS_MASTER_SCAN(runtime) ((runtime)->scanFlag == MASTER_SCAN) #define IS_REVERSE_SCAN(runtime) ((runtime)->scanFlag == REVERSE_SCAN) @@ -750,7 +751,7 @@ static int32_t getNumOfRowsInTimeWindow(SQueryRuntimeEnv* pRuntimeEnv, SDataBloc int32_t step = GET_FORWARD_DIRECTION_FACTOR(order); if (QUERY_IS_ASC_QUERY(pQueryAttr)) { - if (ekey < pDataBlockInfo->window.ekey) { + if (ekey < pDataBlockInfo->window.ekey && pPrimaryColumn) { num = getForwardStepsInBlock(pDataBlockInfo->rows, searchFn, ekey, startPos, order, pPrimaryColumn); if (updateLastKey) { // update the last key item->lastKey = pPrimaryColumn[startPos + (num - 1)] + step; @@ -762,7 +763,7 @@ static int32_t getNumOfRowsInTimeWindow(SQueryRuntimeEnv* pRuntimeEnv, SDataBloc } } } else { // desc - if (ekey > pDataBlockInfo->window.skey) { + if (ekey > pDataBlockInfo->window.skey && pPrimaryColumn) { num = getForwardStepsInBlock(pDataBlockInfo->rows, searchFn, ekey, startPos, order, pPrimaryColumn); if (updateLastKey) { // update the last key item->lastKey = pPrimaryColumn[startPos - (num - 1)] + step; @@ -1299,6 +1300,10 @@ static void doWindowBorderInterpolation(SOperatorInfo* pOperatorInfo, SSDataBloc assert(pBlock != NULL); int32_t step = GET_FORWARD_DIRECTION_FACTOR(pQueryAttr->order.order); + if (pBlock->pDataBlock == NULL){ + tscError("pBlock->pDataBlock == NULL"); + return; + } SColumnInfoData *pColInfo = taosArrayGet(pBlock->pDataBlock, 0); TSKEY *tsCols = (TSKEY *)(pColInfo->pData); @@ -7540,7 +7545,7 @@ SGroupbyExpr *createGroupbyExprFromMsg(SQueryTableMsg *pQueryMsg, SColIndex *pCo int32_t doCreateFilterInfo(SColumnInfo* pCols, int32_t numOfCols, int32_t numOfFilterCols, SSingleColumnFilterInfo** pFilterInfo, uint64_t qId) { *pFilterInfo = calloc(1, sizeof(SSingleColumnFilterInfo) * numOfFilterCols); - if (pFilterInfo == NULL) { + if (*pFilterInfo == NULL) { return TSDB_CODE_QRY_OUT_OF_MEMORY; } diff --git a/src/query/src/qPlan.c b/src/query/src/qPlan.c index 2772e76abe..f7fddecaf8 100644 --- a/src/query/src/qPlan.c +++ b/src/query/src/qPlan.c @@ -40,7 +40,7 @@ static SQueryNode* createQueryNode(int32_t type, const char* name, SQueryNode** pNode->info.type = type; pNode->info.name = strdup(name); - if (pTableInfo->id.uid != 0) { // it is a true table + if (pTableInfo->id.uid != 0 && pTableInfo->tableName) { // it is a true table pNode->tableInfo.id = pTableInfo->id; pNode->tableInfo.tableName = strdup(pTableInfo->tableName); } diff --git a/src/query/src/qResultbuf.c b/src/query/src/qResultbuf.c index 05ecf2e9b1..63eba51d6b 100644 --- a/src/query/src/qResultbuf.c +++ b/src/query/src/qResultbuf.c @@ -78,8 +78,9 @@ static char* doDecompressData(void* data, int32_t srcSize, int32_t *dst, SDiskba } *dst = tsDecompressString(data, srcSize, 1, pResultBuf->assistBuf, pResultBuf->pageSize, ONE_STAGE_COMP, NULL, 0); - - memcpy(data, pResultBuf->assistBuf, *dst); + if (*dst > 0) { + memcpy(data, pResultBuf->assistBuf, *dst); + } return data; } diff --git a/src/query/src/qScript.c b/src/query/src/qScript.c index 261164a84c..ed56526782 100644 --- a/src/query/src/qScript.c +++ b/src/query/src/qScript.c @@ -377,9 +377,11 @@ ScriptEnv* getScriptEnvFromPool() { return NULL; } SListNode *pNode = tdListPopHead(pool->scriptEnvs); - tdListNodeGetData(pool->scriptEnvs, pNode, (void *)(&pEnv)); - listNodeFree(pNode); - + if (pNode){ + tdListNodeGetData(pool->scriptEnvs, pNode, (void *)(&pEnv)); + listNodeFree(pNode); + } + pool->cSize--; pthread_mutex_unlock(&pool->mutex); return pEnv; diff --git a/src/query/src/qSqlParser.c b/src/query/src/qSqlParser.c index eb920b3e17..08c55d5d7e 100644 --- a/src/query/src/qSqlParser.c +++ b/src/query/src/qSqlParser.c @@ -142,14 +142,17 @@ tSqlExpr *tSqlExprCreateIdValue(SStrToken *pToken, int32_t optrType) { } if (optrType == TK_NULL) { - pToken->type = TSDB_DATA_TYPE_NULL; - tVariantCreate(&pSqlExpr->value, pToken); + if (pToken){ + pToken->type = TSDB_DATA_TYPE_NULL; + tVariantCreate(&pSqlExpr->value, pToken); + } pSqlExpr->tokenId = optrType; pSqlExpr->type = SQL_NODE_VALUE; } else if (optrType == TK_INTEGER || optrType == TK_STRING || optrType == TK_FLOAT || optrType == TK_BOOL) { - toTSDBType(pToken->type); - - tVariantCreate(&pSqlExpr->value, pToken); + if (pToken) { + toTSDBType(pToken->type); + tVariantCreate(&pSqlExpr->value, pToken); + } pSqlExpr->tokenId = optrType; pSqlExpr->type = SQL_NODE_VALUE; } else if (optrType == TK_NOW) { @@ -162,9 +165,11 @@ tSqlExpr *tSqlExprCreateIdValue(SStrToken *pToken, int32_t optrType) { } else if (optrType == TK_VARIABLE) { // use nanosecond by default // TODO set value after getting database precision - int32_t ret = parseAbsoluteDuration(pToken->z, pToken->n, &pSqlExpr->value.i64, TSDB_TIME_PRECISION_NANO); - if (ret != TSDB_CODE_SUCCESS) { - terrno = TSDB_CODE_TSC_SQL_SYNTAX_ERROR; + if (pToken) { + int32_t ret = parseAbsoluteDuration(pToken->z, pToken->n, &pSqlExpr->value.i64, TSDB_TIME_PRECISION_NANO); + if (ret != TSDB_CODE_SUCCESS) { + terrno = TSDB_CODE_TSC_SQL_SYNTAX_ERROR; + } } pSqlExpr->flags |= 1 << EXPR_FLAG_NS_TIMESTAMP; @@ -340,8 +345,9 @@ static FORCE_INLINE int32_t tStrTokenCompare(SStrToken* left, SStrToken* right) return (left->type == right->type && left->n == right->n && strncasecmp(left->z, right->z, left->n) == 0) ? 0 : 1; } +// this function is not used for temporary int32_t tSqlExprCompare(tSqlExpr *left, tSqlExpr *right) { - if ((left == NULL && right) || (left && right == NULL)) { + if ((left == NULL && right) || (left && right == NULL) || (left == NULL && right == NULL)) { return 1; } diff --git a/src/query/src/qTableMeta.c b/src/query/src/qTableMeta.c index d25d6b7004..f687b8aa1f 100644 --- a/src/query/src/qTableMeta.c +++ b/src/query/src/qTableMeta.c @@ -72,7 +72,7 @@ SSchema* tscGetColumnSchemaById(STableMeta* pTableMeta, int16_t colId) { } STableMeta* tscCreateTableMetaFromMsg(STableMetaMsg* pTableMetaMsg) { - assert(pTableMetaMsg != NULL && pTableMetaMsg->numOfColumns >= 2 && pTableMetaMsg->numOfTags >= 0); + assert(pTableMetaMsg != NULL && pTableMetaMsg->numOfColumns >= 2); int32_t schemaSize = (pTableMetaMsg->numOfColumns + pTableMetaMsg->numOfTags) * sizeof(SSchema); STableMeta* pTableMeta = calloc(1, sizeof(STableMeta) + schemaSize); diff --git a/src/query/src/queryMain.c b/src/query/src/queryMain.c index 0d140d5ffb..7d30f7c668 100644 --- a/src/query/src/queryMain.c +++ b/src/query/src/queryMain.c @@ -261,7 +261,7 @@ int32_t qRetrieveQueryResultInfo(qinfo_t qinfo, bool* buildRes, void* pRspContex SQInfo *pQInfo = (SQInfo *)qinfo; if (pQInfo == NULL || !isValidQInfo(pQInfo)) { - qError("QInfo:0x%"PRIx64" invalid qhandle", pQInfo->qId); + qError("QInfo invalid qhandle"); return TSDB_CODE_QRY_INVALID_QHANDLE; } diff --git a/src/util/inc/tlist.h b/src/util/inc/tlist.h index 6c96ec0b13..7581904540 100644 --- a/src/util/inc/tlist.h +++ b/src/util/inc/tlist.h @@ -44,7 +44,7 @@ typedef struct { #define listNEles(l) (l)->numOfEles #define listEleSize(l) (l)->eleSize #define isListEmpty(l) ((l)->numOfEles == 0) -#define listNodeFree(n) free(n); +#define listNodeFree(n) free(n) SList * tdListNew(int eleSize); void * tdListFree(SList *list); From b2c0fbe0ce15ba13d79a4e262dee1a1d106bdb02 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 17:08:32 +0800 Subject: [PATCH 04/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/TSDBJNIConnector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/src/TSDBJNIConnector.c b/src/client/src/TSDBJNIConnector.c index 667a689979..b373e360a1 100644 --- a/src/client/src/TSDBJNIConnector.c +++ b/src/client/src/TSDBJNIConnector.c @@ -964,7 +964,7 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J int numLines = (*env)->GetArrayLength(env, lines); char** c_lines = calloc(numLines, sizeof(char*)); if (c_lines == NULL) { - jniError("c_lines:%d, alloc memory failed", c_lines); + jniError("c_lines:%p, alloc memory failed", c_lines); return JNI_OUT_OF_MEMORY; } for (int i = 0; i < numLines; ++i) { From f4efe18aa35404c2353031394177a1db79ee1ebe Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 17:10:51 +0800 Subject: [PATCH 05/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscSql.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/client/src/tscSql.c b/src/client/src/tscSql.c index b6e2604bd2..6f3d5c3a63 100644 --- a/src/client/src/tscSql.c +++ b/src/client/src/tscSql.c @@ -986,8 +986,8 @@ int taos_load_table_info(TAOS *taos, const char *tableNameList) { if (code != TSDB_CODE_SUCCESS) { tscFreeSqlObj(pSql); - taosArrayDestroyEx(plist); - taosArrayDestroyEx(vgroupList); + taosArrayDestroyEx(plist, freeElem); + taosArrayDestroyEx(vgroupList, freeElem); return code; } From ff9971ffa2838f08dbeaf761213d563e6ec15f22 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 17:43:03 +0800 Subject: [PATCH 06/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscLocal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/src/tscLocal.c b/src/client/src/tscLocal.c index e49f4e33ae..9e65094e16 100644 --- a/src/client/src/tscLocal.c +++ b/src/client/src/tscLocal.c @@ -860,10 +860,10 @@ static int32_t tscProcessServStatus(SSqlObj *pSql) { if (pHb != NULL) { pSql->res.code = checkForOnlineNode(pHb); + taosReleaseRef(tscObjRef, pObj->hbrid); } if (pSql->res.code == TSDB_CODE_RPC_NETWORK_UNAVAIL) { - taosReleaseRef(tscObjRef, pObj->hbrid); return pSql->res.code; } From 928473f0cbf77e3910539d6b8357c43c9caa9006 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 18:27:35 +0800 Subject: [PATCH 07/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscParseLineProtocol.c | 2 +- src/client/src/tscPrepare.c | 4 ++-- src/client/src/tscSQLParser.c | 2 +- src/client/src/tscServer.c | 2 +- src/client/src/tscUtil.c | 6 +----- src/query/inc/qExecutor.h | 1 - src/query/src/qExecutor.c | 2 +- 7 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/client/src/tscParseLineProtocol.c b/src/client/src/tscParseLineProtocol.c index 4b5416c6b9..1790403a5e 100644 --- a/src/client/src/tscParseLineProtocol.c +++ b/src/client/src/tscParseLineProtocol.c @@ -1653,7 +1653,7 @@ static int32_t parseSmlTimeStamp(TAOS_SML_KV **pTS, const char **index) { static int32_t parseSmlKey(TAOS_SML_KV *pKV, const char **index) { const char *cur = *index; - char key[TSDB_COL_NAME_LEN + 1]; // +1 to avoid 1685 line over write + char key[TSDB_COL_NAME_LEN + 1]; // +1 to avoid key[len] over write uint16_t len = 0; //key field cannot start with digit diff --git a/src/client/src/tscPrepare.c b/src/client/src/tscPrepare.c index 9ff3a0e2dd..2c2a299549 100644 --- a/src/client/src/tscPrepare.c +++ b/src/client/src/tscPrepare.c @@ -1628,8 +1628,8 @@ int taos_stmt_set_tbname_tags(TAOS_STMT* stmt, const char* name, TAOS_BIND* tags if (pStmt->mtb.subSet && taosHashGetSize(pStmt->mtb.pTableHash) > 0) { STableMetaInfo* pTableMetaInfo = tscGetTableMetaInfoFromCmd(pCmd, 0); STableMeta* pTableMeta = pTableMetaInfo->pTableMeta; - char sTableName[TSDB_TABLE_FNAME_LEN + 1] = {0}; - strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName) - 1); + char sTableName[TSDB_TABLE_FNAME_LEN] = {0}; + tstrncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName)); SStrToken tname = {0}; tname.type = TK_STRING; diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index 1fac9c9a40..e899cc3a07 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -8366,7 +8366,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS return invalidOperationMsg(msgBuf, "subquery alias name too long"); } - strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName) - 1)); + tstrncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName))); } taosArrayPush(pQueryInfo->pUpstream, &pSub); diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index 0748780e1a..f3c24eb407 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -164,7 +164,7 @@ static void tscUpdateVgroupInfo(SSqlObj *pSql, SRpcEpSet *pEpSet) { vgroupInfo.inUse = pEpSet->inUse; vgroupInfo.numOfEps = pEpSet->numOfEps; for (int32_t i = 0; i < vgroupInfo.numOfEps; i++) { - strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); // buffer not null terminated risk + tstrncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); // buffer not null terminated risk vgroupInfo.ep[i].port = pEpSet->port[i]; } diff --git a/src/client/src/tscUtil.c b/src/client/src/tscUtil.c index 7e36cce50e..27fc19b205 100644 --- a/src/client/src/tscUtil.c +++ b/src/client/src/tscUtil.c @@ -1236,10 +1236,6 @@ void handleDownstreamOperator(SSqlObj** pSqlObjList, int32_t numOfUpstream, SQue } pSourceOperator = createJoinOperatorInfo(p, px->numOfTables, schema, num); - - for(int32_t i = 0; i < px->numOfTables; ++i) { - destroyOperatorInfo(p[i]); - } tfree(p); } else { size_t num = taosArrayGetSize(px->colList); @@ -4714,7 +4710,7 @@ static int32_t doAddTableName(char* nextStr, char** str, SArray* pNameArray, SSq int32_t len = 0; if (nextStr == NULL) { - strncpy(tablename, *str, TSDB_TABLE_FNAME_LEN - 1); + tstrncpy(tablename, *str, TSDB_TABLE_FNAME_LEN); len = (int32_t) strlen(tablename); } else { len = (int32_t)(nextStr - (*str)); diff --git a/src/query/inc/qExecutor.h b/src/query/inc/qExecutor.h index 71e9792bd8..4581ba258d 100644 --- a/src/query/inc/qExecutor.h +++ b/src/query/inc/qExecutor.h @@ -578,7 +578,6 @@ void doCompactSDataBlock(SSDataBlock* pBlock, int32_t numOfRows, int8_t* p); SSDataBlock* createOutputBuf(SExprInfo* pExpr, int32_t numOfOutput, int32_t numOfRows); void* destroyOutputBuf(SSDataBlock* pBlock); void* doDestroyFilterInfo(SSingleColumnFilterInfo* pFilterInfo, int32_t numOfFilterCols); -void destroyOperatorInfo(SOperatorInfo* pOperator); void setInputDataBlock(SOperatorInfo* pOperator, SQLFunctionCtx* pCtx, SSDataBlock* pBlock, int32_t order); int32_t getNumOfResult(SQueryRuntimeEnv *pRuntimeEnv, SQLFunctionCtx* pCtx, int32_t numOfOutput); diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c index 11624ddffc..6c18419619 100644 --- a/src/query/src/qExecutor.c +++ b/src/query/src/qExecutor.c @@ -5949,7 +5949,7 @@ static int32_t getNumOfScanTimes(SQueryAttr* pQueryAttr) { return 1; } -void destroyOperatorInfo(SOperatorInfo* pOperator) { +static void destroyOperatorInfo(SOperatorInfo* pOperator) { if (pOperator == NULL) { return; } From 4216a400a3e22d00cd308a80fc0f1f382eb9dd40 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Tue, 27 Jul 2021 18:29:49 +0800 Subject: [PATCH 08/13] [TD-5534]:fix the coverity medium risk of client --- src/query/src/qExecutor.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c index 6c18419619..cc51cafe38 100644 --- a/src/query/src/qExecutor.c +++ b/src/query/src/qExecutor.c @@ -192,6 +192,8 @@ static void destroyTagScanOperatorInfo(void* param, int32_t numOfOutput); static void destroySWindowOperatorInfo(void* param, int32_t numOfOutput); static void destroyStateWindowOperatorInfo(void* param, int32_t numOfOutput); static void destroyAggOperatorInfo(void* param, int32_t numOfOutput); +static void destroyOperatorInfo(SOperatorInfo* pOperator); + static int32_t doCopyToSDataBlock(SQueryRuntimeEnv* pRuntimeEnv, SGroupResInfo* pGroupResInfo, int32_t orderType, SSDataBlock* pBlock); From 211c079b074696a645bca76b2bbc22f28dacadb5 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Wed, 28 Jul 2021 12:11:17 +0800 Subject: [PATCH 09/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/TSDBJNIConnector.c | 15 ++++----------- src/client/src/tscGlobalmerge.c | 3 +-- src/client/src/tscParseLineProtocol.c | 12 ++++++------ src/client/src/tscSQLParser.c | 4 ++-- src/client/src/tscServer.c | 2 +- src/client/src/tscSubquery.c | 2 +- 6 files changed, 15 insertions(+), 23 deletions(-) diff --git a/src/client/src/TSDBJNIConnector.c b/src/client/src/TSDBJNIConnector.c index b373e360a1..7ba613de88 100644 --- a/src/client/src/TSDBJNIConnector.c +++ b/src/client/src/TSDBJNIConnector.c @@ -726,13 +726,12 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_prepareStmtImp(J TAOS_STMT* pStmt = taos_stmt_init(tscon); int32_t code = taos_stmt_prepare(pStmt, str, len); + tfree(str); if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, tscon, tstrerror(code)); - free(str); return JNI_TDENGINE_ERROR; } - free(str); return (jlong) pStmt; } @@ -920,10 +919,6 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI char* curTags = tagsData; TAOS_BIND *tagsBind = calloc(numOfTags, sizeof(TAOS_BIND)); - if (tagsBind == NULL) { - jniError("numOfTags:%d, alloc memory failed", numOfTags); - return JNI_OUT_OF_MEMORY; - } for(int32_t i = 0; i < numOfTags; ++i) { tagsBind[i].buffer_type = typeArray[i]; tagsBind[i].buffer = curTags; @@ -942,14 +937,13 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI tfree(lengthArray); tfree(typeArray); tfree(nullArray); + tfree(tagsBind); (*env)->ReleaseStringUTFChars(env, tableName, name); if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, tsconn, tstrerror(code)); - free(tagsBind); return JNI_TDENGINE_ERROR; } - free(tagsBind); return JNI_SUCCESS; } @@ -979,12 +973,11 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J (*env)->ReleaseStringUTFChars(env, line, c_lines[i]); } + tfree(c_lines); if (code != TSDB_CODE_SUCCESS) { jniError("jobj:%p, conn:%p, code:%s", jobj, taos, tstrerror(code)); - free(c_lines); + return JNI_TDENGINE_ERROR; } - - free(c_lines); return code; } \ No newline at end of file diff --git a/src/client/src/tscGlobalmerge.c b/src/client/src/tscGlobalmerge.c index 9c9bac5951..e696d54abd 100644 --- a/src/client/src/tscGlobalmerge.c +++ b/src/client/src/tscGlobalmerge.c @@ -443,11 +443,10 @@ int32_t tscCreateGlobalMergerEnv(SQueryInfo *pQueryInfo, tExtMemBuffer ***pMemBu } pModel = createColumnModel(pSchema, (int32_t)size, capacity); + tfree(pSchema); if (pModel == NULL){ - tfree(pSchema); return TSDB_CODE_TSC_OUT_OF_MEMORY; } - tfree(pSchema); int32_t pg = DEFAULT_PAGE_SIZE; int32_t overhead = sizeof(tFilePage); diff --git a/src/client/src/tscParseLineProtocol.c b/src/client/src/tscParseLineProtocol.c index 1790403a5e..d12ad04aa8 100644 --- a/src/client/src/tscParseLineProtocol.c +++ b/src/client/src/tscParseLineProtocol.c @@ -701,14 +701,14 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols TAOS_STMT* stmt = taos_stmt_init(taos); if (stmt == NULL) { - free(sql); + tfree(sql); return TSDB_CODE_TSC_OUT_OF_MEMORY; } code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql)); - free(sql); + tfree(sql); if (code != 0) { - free(stmt); + tfree(stmt); tscError("%s", taos_stmt_errstr(stmt)); return code; } @@ -717,7 +717,7 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols code = taos_stmt_set_tbname(stmt, cTableName); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); - free(stmt); + tfree(stmt); return code; } @@ -727,13 +727,13 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols code = taos_stmt_bind_param(stmt, colsBinds); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); - free(stmt); + tfree(stmt); return code; } code = taos_stmt_add_batch(stmt); if (code != 0) { tscError("%s", taos_stmt_errstr(stmt)); - free(stmt); + tfree(stmt); return code; } } diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index e899cc3a07..fb1eb56422 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -8362,7 +8362,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS if (subInfo->aliasName.n > 0) { if (subInfo->aliasName.n >= TSDB_TABLE_FNAME_LEN) { - free(pTableMetaInfo1); + tfree(pTableMetaInfo1); return invalidOperationMsg(msgBuf, "subquery alias name too long"); } @@ -8376,7 +8376,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS STableMetaInfo** tmp = realloc(pQueryInfo->pTableMetaInfo, (pQueryInfo->numOfTables + 1) * POINTER_BYTES); if (tmp == NULL) { - free(pTableMetaInfo1); + tfree(pTableMetaInfo1); return TSDB_CODE_TSC_OUT_OF_MEMORY; } diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index f3c24eb407..76382d9afd 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -2055,7 +2055,7 @@ int tscProcessTableMetaRsp(SSqlObj *pSql) { } if (!tIsValidSchema(pTableMeta->schema, pTableMeta->tableInfo.numOfColumns, pTableMeta->tableInfo.numOfTags)) { tscError("0x%"PRIx64" invalid table meta from mnode, name:%s", pSql->self, tNameGetTableName(&pTableMetaInfo->name)); - free(pTableMeta); + tfree(pTableMeta); return TSDB_CODE_TSC_INVALID_VALUE; } diff --git a/src/client/src/tscSubquery.c b/src/client/src/tscSubquery.c index bef5992d53..2d00253562 100644 --- a/src/client/src/tscSubquery.c +++ b/src/client/src/tscSubquery.c @@ -2476,7 +2476,7 @@ int32_t tscHandleMasterSTableQuery(SSqlObj *pSql) { pState->states = calloc(pState->numOfSub, sizeof(*pState->states)); if (pState->states == NULL) { pRes->code = TSDB_CODE_TSC_OUT_OF_MEMORY; - tscDestroyGlobalMergerEnv(pMemoryBuf, pDesc,pState->numOfSub); + tscDestroyGlob alMergerEnv(pMemoryBuf, pDesc,pState->numOfSub); tscAsyncResultOnError(pSql); return ret; From a7dc581f23db01655ff247762dc9767bea90cab7 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Wed, 28 Jul 2021 12:12:33 +0800 Subject: [PATCH 10/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscSubquery.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/src/tscSubquery.c b/src/client/src/tscSubquery.c index 2d00253562..bef5992d53 100644 --- a/src/client/src/tscSubquery.c +++ b/src/client/src/tscSubquery.c @@ -2476,7 +2476,7 @@ int32_t tscHandleMasterSTableQuery(SSqlObj *pSql) { pState->states = calloc(pState->numOfSub, sizeof(*pState->states)); if (pState->states == NULL) { pRes->code = TSDB_CODE_TSC_OUT_OF_MEMORY; - tscDestroyGlob alMergerEnv(pMemoryBuf, pDesc,pState->numOfSub); + tscDestroyGlobalMergerEnv(pMemoryBuf, pDesc,pState->numOfSub); tscAsyncResultOnError(pSql); return ret; From f77874a5f4f9d4822f6a84d1502468dd77db3648 Mon Sep 17 00:00:00 2001 From: markswang <792637585@qq.com> Date: Thu, 29 Jul 2021 13:14:52 +0800 Subject: [PATCH 11/13] [TD-5534]:fix the coverity high risk of client --- src/client/src/tscSQLParser.c | 2 +- src/client/src/tscServer.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index b7d513cfbe..7d4434a922 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -8376,7 +8376,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS return invalidOperationMsg(msgBuf, "subquery alias name too long"); } - tstrncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName))); + tstrncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, sizeof(pTableMetaInfo1->aliasName)); } taosArrayPush(pQueryInfo->pUpstream, &pSub); diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c index 36d3d156db..01c1e4a4a4 100644 --- a/src/client/src/tscServer.c +++ b/src/client/src/tscServer.c @@ -164,7 +164,7 @@ static void tscUpdateVgroupInfo(SSqlObj *pSql, SRpcEpSet *pEpSet) { vgroupInfo.inUse = pEpSet->inUse; vgroupInfo.numOfEps = pEpSet->numOfEps; for (int32_t i = 0; i < vgroupInfo.numOfEps; i++) { - tstrncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); // buffer not null terminated risk + tstrncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); vgroupInfo.ep[i].port = pEpSet->port[i]; } From b9db84586cd29cfbfbed767bec46f624c6555c36 Mon Sep 17 00:00:00 2001 From: wangmm0220 Date: Fri, 30 Jul 2021 02:17:10 +0800 Subject: [PATCH 12/13] [TD-5534]:fix high risk strncpy to tstrncpy --- src/client/src/tscSQLParser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index 8be38be504..0a018c863f 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -8415,7 +8415,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS return invalidOperationMsg(msgBuf, "subquery alias name too long"); } - tstrncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, sizeof(pTableMetaInfo1->aliasName)); + tstrncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, subInfo->aliasName.n + 1); } taosArrayPush(pQueryInfo->pUpstream, &pSub); From 5f37d8a2a5038dcf600432a12bd83ada29a3fc4a Mon Sep 17 00:00:00 2001 From: wangmm0220 Date: Fri, 30 Jul 2021 11:27:34 +0800 Subject: [PATCH 13/13] [TD-5534]:fix test case out of date error --- tests/script/general/parser/function.sim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/script/general/parser/function.sim b/tests/script/general/parser/function.sim index a3470b1763..5edadad3a6 100644 --- a/tests/script/general/parser/function.sim +++ b/tests/script/general/parser/function.sim @@ -783,7 +783,7 @@ endi sql create stable st1 (ts timestamp, f1 int, f2 int) tags (id int); sql create table tb1 using st1 tags(1); -sql insert into tb1 values (now, 1, 1); +sql insert into tb1 values ('2021-07-02 00:00:00', 1, 1); sql select stddev(f1) from st1 group by f1;