From 5586c23906338f800881f3c524e594ad9a5c05e6 Mon Sep 17 00:00:00 2001
From: Haojun Liao
Date: Fri, 19 Mar 2021 10:07:27 +0800
Subject: [PATCH] [td-3361]: fix crash caused by nchar type filter.
---
 src/client/src/tscSQLParser.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c
index 3b65d0625f..ab13251c64 100644
--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -3092,18 +3092,26 @@ static int32_t doExtractColumnFilterInfo(SSqlCmd* pCmd, SQueryInfo* pQueryInfo,
 }
 int32_t retVal = TSDB_CODE_SUCCESS;
+
+ int32_t bufLen = 0;
+ if (IS_NUMERIC_TYPE(pRight->value.nType)) {
+ bufLen = 60;
+ } else {
+ bufLen = pRight->value.nLen + 1;
+ }
+
 if (pExpr->tokenId == TK_LE || pExpr->tokenId == TK_LT) {
 retVal = tVariantDump(&pRight->value, (char*)&pColumnFilter->upperBndd, colType, false);
 // TK_GT,TK_GE,TK_EQ,TK_NE are based on the pColumn->lowerBndd
 } else if (colType == TSDB_DATA_TYPE_BINARY) {
- pColumnFilter->pz = (int64_t)calloc(1, pRight->value.nLen + TSDB_NCHAR_SIZE);
+ pColumnFilter->pz = (int64_t)calloc(1, bufLen * TSDB_NCHAR_SIZE);
 pColumnFilter->len = pRight->value.nLen;
 retVal = tVariantDump(&pRight->value, (char*)pColumnFilter->pz, colType, false);
 } else if (colType == TSDB_DATA_TYPE_NCHAR) {
 // pRight->value.nLen + 1 is larger than the actual nchar string length
- pColumnFilter->pz = (int64_t)calloc(1, (pRight->value.nLen + 1) * TSDB_NCHAR_SIZE);
+ pColumnFilter->pz = (int64_t)calloc(1, bufLen * TSDB_NCHAR_SIZE);
 retVal = tVariantDump(&pRight->value, (char*)pColumnFilter->pz, colType, false);
 size_t len = twcslen((wchar_t*)pColumnFilter->pz);
 pColumnFilter->len = len * TSDB_NCHAR_SIZE;
-- 
GitLab
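Review bot: Both `calloc` results in the BINARY and NCHAR branches are used unchecked, and `tVariantDump` receives the buffer with no length argument, so an allocation failure becomes a write through a null `pz` and the new `bufLen = 60` for numeric values is a bound that nothing in this hunk enforces. Check the allocation before dumping, e.g. `if (pColumnFilter->pz == 0) return TSDB_CODE_TSC_OUT_OF_MEMORY;`, and replace the literal with a named constant carrying a comment such as `// worst-case text length tVariantDump writes for a numeric variant`, assuming that is what 60 stands for. In the BINARY branch `pColumnFilter->len` is still taken from `pRight->value.nLen`, which for a numeric right-hand value is probably not the length of the converted string; deriving it from what was actually written, as the NCHAR branch does with `twcslen`, would keep length and content in step. `doExtractColumnFilterInfo` starts before and continues after this hunk, so the error-return convention and the cleanup of `pz` on a failed `retVal` should be confirmed against the rest of the function.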