From b252163e2285803393f0dcaf0d79f56f3ce38230 Mon Sep 17 00:00:00 2001 From: fangpanpan Date: Fri, 17 Jan 2020 15:01:18 +0800 Subject: [PATCH 1/3] [check overflow] --- src/client/src/tscSQLParser.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index b6b3a63b5f..70620de329 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -5705,16 +5705,23 @@ void tscPrintSelectClause(SSqlCmd* pCmd) { return; } - char* str = calloc(1, 10240); + int32_t totalBufSize = 10240; + char* str = (char*)calloc(1, 10240); + if (str == NULL) return; + int32_t offset = 0; - offset += sprintf(str, "%d [", pCmd->exprsInfo.numOfExprs); + offset += sprintf(str, "num:%d [", pCmd->exprsInfo.numOfExprs); for (int32_t i = 0; i < pCmd->exprsInfo.numOfExprs; ++i) { SSqlExpr* pExpr = tscSqlExprGet(pCmd, i); - int32_t size = sprintf(str + offset, "%s(%d)", aAggs[pExpr->functionId].aName, pExpr->colInfo.colId); - offset += size; + char tmpBuf[1024] = {0}; + int32_t tmpLen = 0; + tmpLen = sprintf(tmpBuf, "%s(uid:%" PRId64 ", %d)", aAggs[pExpr->functionId].aName, pExpr->uid, pExpr->colInfo.colId); + if (tmpLen + offset > totalBufSize) break; + offset += sprintf(str + offset, "%s", tmpBuf); + if (i < pCmd->exprsInfo.numOfExprs - 1) { str[offset++] = ','; } From 69c95d0d75b491674efc512f60fac034c7f610be Mon Sep 17 00:00:00 2001 From: Hongze Cheng Date: Fri, 17 Jan 2020 22:56:18 +0800 Subject: [PATCH 2/3] Fix dump memory leak --- src/kit/taosdump/taosdump.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/kit/taosdump/taosdump.c b/src/kit/taosdump/taosdump.c index f722d24c26..07c52b912f 100644 --- a/src/kit/taosdump/taosdump.c +++ b/src/kit/taosdump/taosdump.c @@ -797,7 +797,10 @@ int32_t taosDumpTable(char *table, char *metric, struct arguments *arguments, FI if (metric != NULL && metric[0] != '\0') { // dump metric definition count = taosGetTableDes(metric, tableDes); - if (count < 0) return -1; + if (count < 0) { + free(tableDes); + return -1; + } taosDumpCreateTableClause(tableDes, count, arguments, fp); @@ -805,18 +808,26 @@ int32_t taosDumpTable(char *table, char *metric, struct arguments *arguments, FI count = taosGetTableDes(table, tableDes); - if (count < 0) return -1; + if (count < 0) { + free(tableDes); + return -1; + } taosDumpCreateMTableClause(tableDes, metric, count, arguments, fp); } else { // dump table definition count = taosGetTableDes(table, tableDes); - if (count < 0) return -1; + if (count < 0) { + free(tableDes); + return -1; + } taosDumpCreateTableClause(tableDes, count, arguments, fp); } + free(tableDes); + return taosDumpTableData(fp, table, arguments); } From e12f765b8fb9689900fe76210be6028acac2d821 Mon Sep 17 00:00:00 2001 From: hjxilinx Date: Sat, 18 Jan 2020 10:24:07 +0800 Subject: [PATCH 3/3] fix the bug of deref the qhandle --- src/system/detail/src/vnodeShell.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/system/detail/src/vnodeShell.c b/src/system/detail/src/vnodeShell.c index ce1cabe141..4943eb1da9 100644 --- a/src/system/detail/src/vnodeShell.c +++ b/src/system/detail/src/vnodeShell.c @@ -215,7 +215,7 @@ void vnodeCloseShellVnode(int vnode) { if (shellList[vnode] == NULL) return; for (int i = 0; i < vnodeList[vnode].cfg.maxSessions; ++i) { - vnodeFreeQInfo(shellList[vnode][i].qhandle, true); + vnodeDecRefCount(shellList[vnode][i].qhandle); } int32_t* v = malloc(sizeof(int32_t)); @@ -369,8 +369,10 @@ int vnodeProcessQueryRequest(char *pMsg, int msgLen, SShellObj *pObj) { if (pObj->qhandle) { dTrace("QInfo:%p %s free qhandle", pObj->qhandle, __FUNCTION__); - vnodeFreeQInfo(pObj->qhandle, true); + void* qHandle = pObj->qhandle; pObj->qhandle = NULL; + + vnodeDecRefCount(qHandle); } if (QUERY_IS_STABLE_QUERY(pQueryMsg->queryType)) {