From 7447a8c562854d16a9fdb943b965e2f281b44bb9 Mon Sep 17 00:00:00 2001
From: Haojun Liao
Date: Thu, 18 Mar 2021 15:24:36 +0800
Subject: [PATCH] [td-3361]: nchar tag filter caused client crash.

---
 src/client/src/tscSQLParser.c | 14 +++++++++++---
 tests/script/general/parser/topbot.sim | 9 +++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c
index 8b2998c0e7..3b65d0625f 100644
--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -4138,13 +4138,21 @@ static int32_t validateTagCondExpr(SSqlCmd* pCmd, tExprNode *p) {
 }
 
 int32_t retVal = TSDB_CODE_SUCCESS;
+
+ int32_t bufLen = 0;
+ if (IS_NUMERIC_TYPE(vVariant->nType)) {
+ bufLen = 60; // The maximum length of string that a number is converted to.
+ } else {
+ bufLen = vVariant->nLen + 1;
+ }
+
 if (schemaType == TSDB_DATA_TYPE_BINARY) {
- char *tmp = calloc(1, vVariant->nLen + TSDB_NCHAR_SIZE);
+ char *tmp = calloc(1, bufLen * TSDB_NCHAR_SIZE);
 retVal = tVariantDump(vVariant, tmp, schemaType, false);
 free(tmp);
 } else if (schemaType == TSDB_DATA_TYPE_NCHAR) {
 // pRight->value.nLen + 1 is larger than the actual nchar string length
- char *tmp = calloc(1, (vVariant->nLen + 1) * TSDB_NCHAR_SIZE);
+ char *tmp = calloc(1, bufLen * TSDB_NCHAR_SIZE);
 retVal = tVariantDump(vVariant, tmp, schemaType, false);
 free(tmp);
 } else {
@@ -4155,7 +4163,7 @@ static int32_t validateTagCondExpr(SSqlCmd* pCmd, tExprNode *p) {
 if (retVal != TSDB_CODE_SUCCESS) {
 return invalidSqlErrMsg(tscGetErrorMsgPayload(pCmd), msg2);
 }
- }while (0);
+ } while (0);
 
 return TSDB_CODE_SUCCESS;
 }
diff --git a/tests/script/general/parser/topbot.sim b/tests/script/general/parser/topbot.sim
index 80a122238e..e23bbf6724 100644
--- a/tests/script/general/parser/topbot.sim
+++ b/tests/script/general/parser/topbot.sim
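Review bot: The fixed `bufLen = 60` in the first tscSQLParser.c hunk is only as safe as its comment's claim that no number converts to a longer string, and `tVariantDump` is not given the destination size, so nothing enforces that bound; a 64-bit integer fits, but a double printed in fixed notation can run past 300 characters, so please confirm how floating-point variants are formatted outside this hunk. The `else` branch still trusts `vVariant->nLen + 1` for every type that `IS_NUMERIC_TYPE` does not match, which is the same sizing that failed for numbers if bool or timestamp literals can reach this point. Both `calloc` results are passed on unchecked; add `if (tmp == NULL)` and return the client's out-of-memory error before calling `tVariantDump`. Since the BINARY and NCHAR branches are now identical they can be merged, and `60` deserves a named constant defined next to the conversion code it has to match. The body of validateTagCondExpr starts and ends outside this hunk.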
@@ -316,4 +316,13 @@ if $data13 != @20-02-02 01:01:01.000@ then
 return -1
 endi
 
+print ===============================>td-3361
+sql create table ttm1(ts timestamp, k int) tags(a nchar(12));
+sql create table ttm1_t1 using ttm1 tags('abcdef')
+sql insert into ttm1_t1 values(now, 1)
+sql select * from ttm1 where a=123456789012
+if $row != 0 then
+ return -1
+endi
+
 system sh/exec.sh -n dnode1 -s stop -x SIGINT
\ No newline at end of file
-- 
GitLab
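Review bot: The regression case covers only an integer literal compared against an `nchar(12)` tag, while the C change also resizes the scratch buffer on the BINARY path and for every numeric variant type. A second super table declared with `tags(a binary(12))` and queried with the same `where a=123456789012` filter would exercise the other branch, and a floating-point literal on both tables (for example `where a=1.5`) would exercise the fixed 60-character bound. As written, `if $row != 0` shows the client survives the query and returns no rows, which is the right assertion to repeat for those cases.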