From 2d2316eeec7d105fa38769bbf90116346729a319 Mon Sep 17 00:00:00 2001
From: Haojun Liao <hjliao@taosdata.com>
Date: Fri, 12 Mar 2021 15:32:58 +0800
Subject: [PATCH] [td-3277]<fix>: fix the taosd crash caused by fetching the
 too long binary data in tags.

---
 src/query/src/qExecutor.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/query/src/qExecutor.c b/src/query/src/qExecutor.c
index f8119b0d4a..57efcf4b34 100644
--- a/src/query/src/qExecutor.c
+++ b/src/query/src/qExecutor.c
@@ -2913,7 +2913,9 @@ static void doSetTagValueInParam(void* pTable, int32_t tagColId, tVariant *tag,
         return;
       }
 
-      tVariantCreateFromBinary(tag, varDataVal(val), varDataLen(val), type);
+      int32_t maxLen = bytes - VARSTR_HEADER_SIZE;
+      int32_t len = (varDataLen(val) > maxLen)? maxLen:varDataLen(val);
+      tVariantCreateFromBinary(tag, varDataVal(val), len, type);
     } else {
       if (isNull(val, type)) {
         tag->nType = TSDB_DATA_TYPE_NULL;
@@ -7070,8 +7072,15 @@ static void doSetTagValueToResultBuf(char* output, const char* val, int16_t type
     return;
   }
 
-  if (type == TSDB_DATA_TYPE_BINARY || type == TSDB_DATA_TYPE_NCHAR) {
-    memcpy(output, val, varDataTLen(val));
+  if (IS_VAR_DATA_TYPE(type)) {
+    // Binary data overflows for sort of unknown reasons. Let trim the overflow data
+    if (varDataTLen(val) > bytes) {
+      int32_t len = bytes;
+      memcpy(varDataVal(output), varDataVal(val), len);
+      varDataSetLen(output, len);
+    } else {
+      varDataCopy(output, val);
+    }
   } else {
     memcpy(output, val, bytes);
   }
-- 
GitLab