xxq250
/
homework-jianmu
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix heap over flow at obj str.

This commit is contained in:
xiao-77 2024-11-26 19:23:10 +08:00
parent 223e0f55c5
commit c6e39b8286
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source/dnode/mnode/impl/src/mndConfig.c
View File

@ -112,8 +112,9 @@ SSdbRaw *mnCfgActionEncode(SConfigObj *obj) {
case CFG_DTYPE_CHARSET: case CFG_DTYPE_CHARSET:
case CFG_DTYPE_TIMEZONE: case CFG_DTYPE_TIMEZONE:
if (obj->str != NULL) { if (obj->str != NULL) {
SDB_SET_INT32(pRaw, dataPos, strlen(obj->str), _OVER) int32_t len = strlen(obj->str) + 1;
SDB_SET_BINARY(pRaw, dataPos, obj->str, strlen(obj->str), _OVER) SDB_SET_INT32(pRaw, dataPos, len, _OVER)
SDB_SET_BINARY(pRaw, dataPos, obj->str, len, _OVER)
} else { } else {
SDB_SET_INT32(pRaw, dataPos, 0, _OVER) SDB_SET_INT32(pRaw, dataPos, 0, _OVER)
} }
@ -184,7 +185,7 @@ SSdbRow *mndCfgActionDecode(SSdbRaw *pRaw) {
case CFG_DTYPE_TIMEZONE: case CFG_DTYPE_TIMEZONE:
SDB_GET_INT32(pRaw, dataPos, &len, _OVER) SDB_GET_INT32(pRaw, dataPos, &len, _OVER)
if (len > 0) { if (len > 0) {
obj->str = taosMemoryMalloc(len + 1); obj->str = taosMemoryMalloc(len);
SDB_GET_BINARY(pRaw, dataPos, obj->str, len, _OVER) SDB_GET_BINARY(pRaw, dataPos, obj->str, len, _OVER)
} }
break; break;