From 9017b178cbfb6d7f1d09f70be0b66031a76afb29 Mon Sep 17 00:00:00 2001 From: Haojun Liao Date: Fri, 8 Jan 2021 14:35:52 +0800 Subject: [PATCH 1/4] [TD-225]add nchar convert error process. --- src/common/src/tvariant.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/src/common/src/tvariant.c b/src/common/src/tvariant.c index 571ec2e0dd..d5ea25ef88 100644 --- a/src/common/src/tvariant.c +++ b/src/common/src/tvariant.c @@ -452,8 +452,11 @@ static int32_t toNchar(tVariant *pVariant, char **pDest, int32_t *pDestSize) { if (*pDest == pVariant->pz) { wchar_t *pWStr = calloc(1, (nLen + 1) * TSDB_NCHAR_SIZE); - taosMbsToUcs4(pDst, nLen, (char *)pWStr, (nLen + 1) * TSDB_NCHAR_SIZE, NULL); - + bool ret = taosMbsToUcs4(pDst, nLen, (char *)pWStr, (nLen + 1) * TSDB_NCHAR_SIZE, NULL); + if (!ret) { + return -1; + } + // free the binary buffer in the first place if (pVariant->nType == TSDB_DATA_TYPE_BINARY) { free(pVariant->wpz); @@ -469,8 +472,11 @@ static int32_t toNchar(tVariant *pVariant, char **pDest, int32_t *pDestSize) { pVariant->wpz = (wchar_t *)tmp; } else { size_t output = -1; - taosMbsToUcs4(pDst, nLen, *pDest, (nLen + 1) * TSDB_NCHAR_SIZE, &output); - + bool ret = taosMbsToUcs4(pDst, nLen, *pDest, (nLen + 1) * TSDB_NCHAR_SIZE, &output); + if (!ret) { + return -1; + } + if (pDestSize != NULL) { *pDestSize = (int32_t)output; } @@ -638,8 +644,6 @@ static int32_t convertToBool(tVariant *pVariant, int64_t *pDest) { /* * transfer data from variant serve as the implicit data conversion: from input sql string pVariant->nType * to column type defined in schema - * - * todo handle the return value */ int32_t tVariantDump(tVariant *pVariant, char *payload, int16_t type, bool includeLengthPrefix) { if (pVariant == NULL || (pVariant->nType != 0 && !isValidDataType(pVariant->nType))) { 
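Review bot: The new early return in the `*pDest == pVariant->pz` branch of toNchar leaks `pWStr`, which is allocated with calloc on the line just above and has not yet been attached to the variant when the conversion fails. Release it on the error path: `if (!ret) { free(pWStr); return -1; }`. The calloc result is also handed to taosMbsToUcs4 without a NULL check, so an allocation failure would reach the conversion with a null destination; `if (pWStr == NULL) { return -1; }` before the call would cover that. toNchar starts and ends outside this hunk.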
@@ -805,7 +809,9 @@ int32_t tVariantDump(tVariant *pVariant, char *payload, int16_t type, bool inclu *(uint32_t *)payload = TSDB_DATA_NCHAR_NULL; } else { if (pVariant->nType != TSDB_DATA_TYPE_NCHAR) { - toNchar(pVariant, &payload, &newlen); + if (toNchar(pVariant, &payload, &newlen) != 0) { + return -1; + } } else { wcsncpy((wchar_t *)payload, pVariant->wpz, pVariant->nLen); } @@ -817,7 +823,9 @@ int32_t tVariantDump(tVariant *pVariant, char *payload, int16_t type, bool inclu char *p = varDataVal(payload); if (pVariant->nType != TSDB_DATA_TYPE_NCHAR) { - toNchar(pVariant, &p, &newlen); + if (toNchar(pVariant, &p, &newlen) != 0) { + return -1; + } } else { wcsncpy((wchar_t *)p, pVariant->wpz, pVariant->nLen); newlen = pVariant->nLen; @@ -901,7 +909,11 @@ int32_t tVariantTypeSetType(tVariant *pVariant, char type) { } case TSDB_DATA_TYPE_NCHAR: { if (pVariant->nType != TSDB_DATA_TYPE_NCHAR) { - toNchar(pVariant, &pVariant->pz, &pVariant->nLen); + int32_t ret = toNchar(pVariant, &pVariant->pz, &pVariant->nLen); + if (ret != 0) { + return -1; + } + } pVariant->nType = type; break; From 11ace7f5c02a024fed72416598c6f5f146810a91 Mon Sep 17 00:00:00 2001 From: Haojun Liao Date: Wed, 13 Jan 2021 11:35:48 +0800 Subject: [PATCH 2/4] [TD-225]fix potential overflow in char array. --- src/client/src/tscSQLParser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index d105c577db..b62d41c821 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -6084,7 +6084,7 @@ void tscPrintSelectClause(SSqlObj* pSql, int32_t subClauseIndex) { int32_t tmpLen = 0; tmpLen = sprintf(tmpBuf, "%s(uid:%" PRId64 ", %d)", aAggs[pExpr->functionId].aName, pExpr->uid, pExpr->colInfo.colId); - if (tmpLen + offset > totalBufSize) break; + if (tmpLen + offset + 1 >= totalBufSize) break; offset += sprintf(str + offset, "%s", tmpBuf); From f9c5e3353179fc2f2dec9da3c48eb48951db6bb5 Mon Sep 17 00:00:00 2001 
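Review bot: tVariantDump can now return -1 from both NCHAR paths (this hunk and the one at -817), but its header comment, from which this patch removes the `todo handle the return value` line, does not say what a failure means or what state `payload` is left in. toNchar is given `&payload` / `&p` directly, so the buffer may hold a partial conversion when -1 comes back; that depends on taosMbsToUcs4, which is not visible here. I would add to the header comment something like `returns -1 if the conversion to NCHAR fails; payload contents are undefined in that case`, and confirm that callers check the result before using the payload.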
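Review bot: The error check in the TSDB_DATA_TYPE_NCHAR case of tVariantTypeSetType is written differently from the two checks this patch adds in tVariantDump: it introduces a local `ret` that is used once and leaves a blank line before the closing brace. Folding it into `if (toNchar(pVariant, &pVariant->pz, &pVariant->nLen) != 0) { return -1; }` keeps the three call sites uniform. Returning before `pVariant->nType = type;` looks intentional, since the variant then keeps its original type tag when the conversion fails; a short comment saying so would help.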
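Review bot: The bound check in tscPrintSelectClause runs after `sprintf(tmpBuf, ...)` has already written the formatted entry, so it protects `str` but not `tmpBuf`, whose size is declared outside the hunk. Using the bounded form, `tmpLen = snprintf(tmpBuf, sizeof(tmpBuf), "%s(uid:%" PRId64 ", %d)", ...);` (assuming `tmpBuf` is an array and not a pointer), and treating `tmpLen < 0 || (size_t)tmpLen >= sizeof(tmpBuf)` as truncation would close that gap. The new `+ 1 >=` condition leaves room for the closing `]` and a terminator only if nothing else is appended per iteration after this hunk, which is not visible here.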
From: Haojun Liao Date: Wed, 13 Jan 2021 11:36:30 +0800 Subject: [PATCH 3/4] [TD-225]fix potential char array overflow. --- src/client/src/tscSQLParser.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c index b62d41c821..fdafaaa07a 100644 --- a/src/client/src/tscSQLParser.c +++ b/src/client/src/tscSQLParser.c @@ -6094,6 +6094,7 @@ void tscPrintSelectClause(SSqlObj* pSql, int32_t subClauseIndex) { } str[offset] = ']'; + assert(offset < totalBufSize); tscDebug("%p select clause:%s", pSql, str); } From f43f35381ad76b27cb037338e96c8455a744ef4f Mon Sep 17 00:00:00 2001 From: Haojun Liao Date: Thu, 14 Jan 2021 13:51:56 +0800 Subject: [PATCH 4/4] [TD-2740]: change the password length by using another macro definition. --- src/query/src/qExecutor.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c index d9630edb9e..b773b38be0 100644 --- a/src/query/src/qExecutor.c +++ b/src/query/src/qExecutor.c @@ -3207,6 +3207,10 @@ void copyResToQueryResultBuf(SQInfo *pQInfo, SQuery *pQuery) { // all results in current group have been returned to client, try next group if (pGroupResInfo->index >= taosArrayGetSize(pGroupResInfo->pRows)) { // current results of group has been sent to client, try next group + pGroupResInfo->index = 0; + pGroupResInfo->rowId = 0; + taosArrayClear(pGroupResInfo->pRows); + if (mergeGroupResult(pQInfo) != TSDB_CODE_SUCCESS) { return; // failed to save data in the disk }
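Review bot: `assert(offset < totalBufSize);` is placed after `str[offset] = ']';`, so the store it is meant to guard has already happened when the assertion is evaluated, and in builds with NDEBUG the check disappears altogether. Put the check ahead of the write and make it a runtime condition, for example `if (offset < totalBufSize) { str[offset] = ']'; }`. If the logged string needs a terminator after `]`, the bound should be `offset + 1 < totalBufSize` unless `str` is zero-filled, which this hunk does not show.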
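Review bot: The three resets added to copyResToQueryResultBuf carry no comment explaining why the cursor and row list must be cleared before `mergeGroupResult`, and the subject of this patch describes a password-length macro change that none of these lines touch. A comment such as `// drop the rows of the finished group and rewind the cursor so the next merge starts from an empty result set` would record the intent. The state is also cleared before the merge is known to succeed, so on the `return` path the previous group's rows are already gone; whether that matters depends on callers outside this hunk.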