Skip to content

T
TDengine

~笨蛋陪你哭 / TDengine
与 Fork 源项目一致

Fork自 taosdata / TDengine

通知 1
Star 1
Fork 0
T
TDengine

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

未验证 提交 1b7861f8 编写于 作者: sangshuduo's avatar sangshuduo 提交者: GitHub
浏览文件
操作

[TD-6013]<fix>: taosdemo buffer overflow. (#7319)

上级 d1fd8c7e
隐藏空白更改
内联 并排
Showing with 31 addition and 18 deletion
src/kit/taosdemo/taosdemo.c
浏览文件 @ 1b7861f8
......@@ -5101,21 +5101,27 @@ static int64_t generateStbRowData(
int64_t dataLen = 0;
char *pstr = recBuf;
int64_t maxLen = MAX_DATA_SIZE;
int tmpLen;
dataLen += snprintf(pstr + dataLen, maxLen - dataLen,
"(%" PRId64 ",", timestamp);
for (int i = 0; i < stbInfo->columnCount; i++) {
if ((0 == strncasecmp(stbInfo->columns[i].dataType,
"BINARY", strlen("BINARY")))
"BINARY", 6))
|| (0 == strncasecmp(stbInfo->columns[i].dataType,
"NCHAR", strlen("NCHAR")))) {
"NCHAR", 5))) {
if (stbInfo->columns[i].dataLen > TSDB_MAX_BINARY_LEN) {
errorPrint( "binary or nchar length overflow, max size:%u\n",
(uint32_t)TSDB_MAX_BINARY_LEN);
return -1;
}
if ((stbInfo->columns[i].dataLen + 1) >
/* need count 3 extra chars \', \', and , */
(remainderBufLen - dataLen - 3)) {
return 0;
}
char* buf = (char*)calloc(stbInfo->columns[i].dataLen+1, 1);
if (NULL == buf) {
errorPrint( "calloc failed! size:%d\n", stbInfo->columns[i].dataLen);
......@@ -5129,19 +5135,20 @@ static int64_t generateStbRowData(
char *tmp;
if (0 == strncasecmp(stbInfo->columns[i].dataType,
"INT", strlen("INT"))) {
"INT", 3)) {
if ((g_args.demo_mode) && (i == 1)) {
tmp = demo_voltage_int_str();
} else {
tmp = rand_int_str();
}
tstrncpy(pstr + dataLen, tmp, INT_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen + 1, INT_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"BIGINT", strlen("BIGINT"))) {
"BIGINT", 6)) {
tmp = rand_bigint_str();
tstrncpy(pstr + dataLen, tmp, BIGINT_BUFF_LEN);
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"FLOAT", strlen("FLOAT"))) {
"FLOAT", 5)) {
if (g_args.demo_mode) {
if (i == 0) {
tmp = demo_current_float_str();
......@@ -5151,27 +5158,33 @@ static int64_t generateStbRowData(
} else {
tmp = rand_float_str();
}
tstrncpy(pstr + dataLen, tmp, FLOAT_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen +1, FLOAT_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"DOUBLE", strlen("DOUBLE"))) {
"DOUBLE", 6)) {
tmp = rand_double_str();
tstrncpy(pstr + dataLen, tmp, DOUBLE_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen +1, DOUBLE_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"SMALLINT", strlen("SMALLINT"))) {
"SMALLINT", 8)) {
tmp = rand_smallint_str();
tstrncpy(pstr + dataLen, tmp, SMALLINT_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen + 1, SMALLINT_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"TINYINT", strlen("TINYINT"))) {
"TINYINT", 7)) {
tmp = rand_tinyint_str();
tstrncpy(pstr + dataLen, tmp, TINYINT_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen +1, TINYINT_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"BOOL", strlen("BOOL"))) {
"BOOL", 4)) {
tmp = rand_bool_str();
tstrncpy(pstr + dataLen, tmp, BOOL_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen +1, BOOL_BUFF_LEN));
} else if (0 == strncasecmp(stbInfo->columns[i].dataType,
"TIMESTAMP", strlen("TIMESTAMP"))) {
"TIMESTAMP", 9)) {
tmp = rand_int_str();
tstrncpy(pstr + dataLen, tmp, INT_BUFF_LEN);
tmpLen = strlen(tmp);
tstrncpy(pstr + dataLen, tmp, min(tmpLen +1, INT_BUFF_LEN));
} else {
errorPrint( "Not support data type: %s\n", stbInfo->columns[i].dataType);
return -1;
......@@ -5182,7 +5195,7 @@ static int64_t generateStbRowData(
dataLen += 1;
}
if (dataLen > (remainderBufLen - (DOUBLE_BUFF_LEN + 1)))
if (dataLen > (remainderBufLen - (128)))
return 0;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册