diff --git a/src/client/src/TSDBJNIConnector.c b/src/client/src/TSDBJNIConnector.c
index 287e061da06aebd44ff7779f568ac04308ed1058..4ec63e9c6d42245a748a79fd60bcfa9eac653c33 100644
--- a/src/client/src/TSDBJNIConnector.c
+++ b/src/client/src/TSDBJNIConnector.c
@@ -565,6 +565,11 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_subscribeImp(JNI
     sql = (char *)(*env)->GetStringUTFChars(env, jsql, NULL);
   }
 
+  if (topic == NULL || sql == NULL) {
+    jniTrace("jobj:%p, invalid argument: topic or sql is NULL", jobj);
+    return sub;
+  }
+
   TAOS_SUB *tsub = taos_subscribe(taos, (int)restart, topic, sql, NULL, NULL, jinterval);
   sub = (jlong)tsub;
 
@@ -574,8 +579,8 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_subscribeImp(JNI
     jniTrace("jobj:%p, successfully subscribe: topic: %s", jobj, topic);
   }
 
-  if (topic != NULL) (*env)->ReleaseStringUTFChars(env, jtopic, topic);
-  if (sql != NULL) (*env)->ReleaseStringUTFChars(env, jsql, sql);
+  (*env)->ReleaseStringUTFChars(env, jtopic, topic);
+  (*env)->ReleaseStringUTFChars(env, jsql, sql);
 
   return sub;
 }
diff --git a/src/client/src/tscLocalMerge.c b/src/client/src/tscLocalMerge.c
index bc3c33423f85fcc9c81e122b9a4e3904f598410a..a731fbae8e0d272e2ca05d5097f8fb2a00761d2d 100644
--- a/src/client/src/tscLocalMerge.c
+++ b/src/client/src/tscLocalMerge.c
@@ -123,7 +123,7 @@ static void tscInitSqlContext(SSqlCmd *pCmd, SLocalReducer *pReducer, tOrderDesc
     }
   }
 
-  if (n == 0) {
+  if (n == 0 || pCtx == NULL) {
     free(pTagCtx);
   } else {
     pCtx->tagInfo.pTagCtxList = pTagCtx;
diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c
index f241e317cdc83b432a1a1d964dff80ea84b663bb..9e0fa654aa3228342fcc9655eb6fd18ca57f8daa 100644
--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -1483,6 +1483,7 @@ int32_t addExprAndResultField(SQueryInfo* pQueryInfo, int32_t colIndex, tSQLExpr
   const char* msg6 = "function applied to tags not allowed";
   const char* msg7 = "normal table can not apply this function";
   const char* msg8 = "multi-columns selection does not support alias column name";
+  const char* msg9 = "invalid function";
 
   switch (optr) {
     case TK_COUNT: {
@@ -1683,7 +1684,9 @@ int32_t addExprAndResultField(SQueryInfo* pQueryInfo, int32_t colIndex, tSQLExpr
       bool requireAllFields = (pItem->pNode->pParam == NULL);
 
       int16_t functionID = 0;
-      changeFunctionID(optr, &functionID);
+      if (changeFunctionID(optr, &functionID) != TSDB_CODE_SUCCESS) {
+        return invalidSqlErrMsg(pQueryInfo->msg, msg9);
+      }
 
       if (!requireAllFields) {
         if (pItem->pNode->pParam->nExpr < 1) {
@@ -3183,10 +3186,22 @@ static bool isValidExpr(tSQLExpr* pLeft, tSQLExpr* pRight, int32_t optr) {
    *
    * However, columnA < 4+12 is valid
    */
-  if ((pLeft->nSQLOptr >= TK_COUNT && pLeft->nSQLOptr <= TK_AVG_IRATE) ||
-      (pRight->nSQLOptr >= TK_COUNT && pRight->nSQLOptr <= TK_AVG_IRATE) ||
-      (pLeft->nSQLOptr >= TK_BOOL && pLeft->nSQLOptr <= TK_BINARY && pRight->nSQLOptr >= TK_BOOL &&
-       pRight->nSQLOptr <= TK_BINARY)) {
+  if (pLeft->nSQLOptr >= TK_COUNT && pLeft->nSQLOptr <= TK_AVG_IRATE) {
+    return false;
+  }
+
+  if (pRight == NULL) {
+    return true;
+  }
+
+  if (pRight->nSQLOptr >= TK_COUNT && pRight->nSQLOptr <= TK_AVG_IRATE) {
+    return false;
+  }
+  
+  if (pLeft->nSQLOptr >= TK_BOOL
+    && pLeft->nSQLOptr <= TK_BINARY
+    && pRight->nSQLOptr >= TK_BOOL
+    && pRight->nSQLOptr <= TK_BINARY) {
     return false;
   }
 
@@ -3759,13 +3774,17 @@ static void doAddJoinTagsColumnsIntoTagList(SQueryInfo* pQueryInfo, SCondExpr* p
   if (QUERY_IS_JOIN_QUERY(pQueryInfo->type) && UTIL_TABLE_IS_SUPER_TABLE(pTableMetaInfo)) {
     SColumnIndex index = {0};
 
-    getColumnIndexByName(&pCondExpr->pJoinExpr->pLeft->colInfo, pQueryInfo, &index);
+    if (getColumnIndexByName(&pCondExpr->pJoinExpr->pLeft->colInfo, pQueryInfo, &index) != TSDB_CODE_SUCCESS) {
+      tscError("%p: invalid column name (left)", pQueryInfo);
+    }
     pTableMetaInfo = tscGetMetaInfo(pQueryInfo, index.tableIndex);
   
     index.columnIndex = index.columnIndex - tscGetNumOfColumns(pTableMetaInfo->pTableMeta);
     tscColumnListInsert(pTableMetaInfo->tagColList, &index);
   
-    getColumnIndexByName(&pCondExpr->pJoinExpr->pRight->colInfo, pQueryInfo, &index);
+    if (getColumnIndexByName(&pCondExpr->pJoinExpr->pRight->colInfo, pQueryInfo, &index) != TSDB_CODE_SUCCESS) {
+      tscError("%p: invalid column name (right)", pQueryInfo);
+    }
     pTableMetaInfo = tscGetMetaInfo(pQueryInfo, index.tableIndex);
   
     index.columnIndex = index.columnIndex - tscGetNumOfColumns(pTableMetaInfo->pTableMeta);
diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c
index b2e0c0107ea89a800550839055bb0b338fbf8160..b49f2952ecd0ab3556d96e94cced181293f516f7 100644
--- a/src/client/src/tscServer.c
+++ b/src/client/src/tscServer.c
@@ -204,7 +204,7 @@ int tscSendMsgToServer(SSqlObj *pSql) {
 void tscProcessMsgFromServer(SRpcMsg *rpcMsg, SRpcIpSet *pIpSet) {
   SSqlObj *pSql = (SSqlObj *)rpcMsg->handle;
   if (pSql == NULL || pSql->signature != pSql) {
-    tscError("%p sql is already released", pSql->signature);
+    tscError("%p sql is already released", pSql);
     return;
   }
 
@@ -830,8 +830,16 @@ int tscBuildQueryMsg(SSqlObj *pSql, SSqlInfo *pInfo) {
     assert(QUERY_IS_JOIN_QUERY(pQueryInfo->type) && pBlockInfo != NULL);  // this query should not be sent
 
     // todo refactor
-    fseek(pQueryInfo->tsBuf->f, pBlockInfo->offset, SEEK_SET);
-    fread(pMsg, pBlockInfo->compLen, 1, pQueryInfo->tsBuf->f);
+    if (fseek(pQueryInfo->tsBuf->f, pBlockInfo->offset, SEEK_SET) != 0) {
+      int code = TAOS_SYSTEM_ERROR(ferror(pQueryInfo->tsBuf->f));
+      tscError("%p: fseek failed: %s", pSql, tstrerror(code));
+      return code;
+    }
+    if (fread(pMsg, pBlockInfo->compLen, 1, pQueryInfo->tsBuf->f) != pBlockInfo->compLen) {
+      int code = TAOS_SYSTEM_ERROR(ferror(pQueryInfo->tsBuf->f));
+      tscError("%p: fread didn't return expected data: %s", pSql, tstrerror(code));
+      return code;
+    }
 
     pMsg += pBlockInfo->compLen;
     tsLen = pBlockInfo->compLen;
@@ -1775,7 +1783,7 @@ int tscProcessTableMetaRsp(SSqlObj *pSql) {
     return TSDB_CODE_TSC_INVALID_VALUE;
   }
 
-  if (pMetaMsg->numOfTags > TSDB_MAX_TAGS || pMetaMsg->numOfTags < 0) {
+  if (pMetaMsg->numOfTags > TSDB_MAX_TAGS) {
     tscError("invalid numOfTags:%d", pMetaMsg->numOfTags);
     return TSDB_CODE_TSC_INVALID_VALUE;
   }
diff --git a/src/client/src/tscSubquery.c b/src/client/src/tscSubquery.c
index 87c75bd7e684ae942a4d7b49dd33efedf0c0d388..cc41b97f784bc08cc96ccf7a4659f3e55d8802b0 100644
--- a/src/client/src/tscSubquery.c
+++ b/src/client/src/tscSubquery.c
@@ -1378,6 +1378,7 @@ int32_t tscHandleMasterSTableQuery(SSqlObj *pSql) {
   if (ret != 0) {
     pRes->code = TSDB_CODE_TSC_OUT_OF_MEMORY;
     tscQueueAsyncRes(pSql);
+    tfree(pMemoryBuf);
     return ret;
   }
   
@@ -1729,7 +1730,6 @@ static void tscRetrieveFromDnodeCallBack(void *param, TAOS_RES *tres, int numOfR
                                pRes->numOfRows, pQueryInfo->groupbyExpr.orderType);
     if (ret != 0) { // set no disk space error info, and abort retry
       tscAbortFurtherRetryRetrieval(trsupport, tres, TSDB_CODE_TSC_NO_DISKSPACE);
-      pthread_mutex_unlock(&trsupport->queryMutex);
       
     } else if (pRes->completed) {
       tscAllDataRetrievedFromDnode(trsupport, pSql);