Merge pull request #1952 from taosdata/feature/boundary-check

boundary check: fix failed cases

Merge pull request #1952 from taosdata/feature/boundary-check
boundary check: fix failed cases
6eafabd8 · Shengliang Guan · GitHub · 499170d3 · 0c62f023 · 6eafabd8
Showing with 20 addition and 11 deletion

src/client/src/tscParseInsert.c src/client/src/tscParseInsert.c +3 -1

src/client/src/tscServer.c src/client/src/tscServer.c +11 -9

src/mnode/src/mgmtTable.c src/mnode/src/mgmtTable.c +6 -1

未找到文件。
--- a/src/client/src/tscParseInsert.c
+++ b/src/client/src/tscParseInsert.c
@@ -1016,7 +1016,9 @@ int doParseInsertSql(SSqlObj *pSql, char *str) {
    pTableMetaInfo = tscGetMetaInfo(pQueryInfo, 0);
  }
-  if ((code = tscAllocPayload(pCmd, TSDB_PAYLOAD_SIZE)) != TSDB_CODE_SUCCESS) {
+  // TODO: 2048 is added because TSDB_MAX_TAGS_LEN now is 65536
+  // but TSDB_PAYLOAD_SIZE is 65380
+  if ((code = tscAllocPayload(pCmd, TSDB_PAYLOAD_SIZE + 2048)) != TSDB_CODE_SUCCESS) {
    return code;
  }

--- a/src/client/src/tscServer.c
+++ b/src/client/src/tscServer.c
@@ -1467,15 +1467,16 @@ int tscBuildTableMetaMsg(SSqlObj *pSql, SSqlInfo *pInfo) {
  char *         pMsg;
  int            msgLen = 0;
-  char *tmpData = 0;
+  char *tmpData = NULL;
-  if (pSql->cmd.allocSize > 0) {
+  uint32_t len = pSql->cmd.payloadLen;
-    tmpData = calloc(1, pSql->cmd.allocSize);
+  if (len > 0) {
+    tmpData = calloc(1, len);
    if (NULL == tmpData) {
      return TSDB_CODE_CLI_OUT_OF_MEMORY;
    }
    // STagData is in binary format, strncpy is not available
-    memcpy(tmpData, pSql->cmd.payload, pSql->cmd.allocSize);
+    memcpy(tmpData, pSql->cmd.payload, len);
  }
  SSqlCmd *   pCmd = &pSql->cmd;
@@ -1489,9 +1490,9 @@ int tscBuildTableMetaMsg(SSqlObj *pSql, SSqlInfo *pInfo) {
  pMsg = (char*)pInfoMsg + sizeof(SCMTableInfoMsg);
-  if (pSql->cmd.autoCreated) {
+  if (pSql->cmd.autoCreated && len > 0) {
-    memcpy(pInfoMsg->tags, tmpData, sizeof(STagData));
+    memcpy(pInfoMsg->tags, tmpData, len);
-    pMsg += sizeof(STagData);
+    pMsg += len;
  }
  pCmd->payloadLen = pMsg - (char*)pInfoMsg;;
@@ -2375,7 +2376,7 @@ static int32_t getTableMetaFromMgmt(SSqlObj *pSql, STableMetaInfo *pTableMetaInf
  tscGetQueryInfoDetailSafely(&pNew->cmd, 0, &pNewQueryInfo);
  pNew->cmd.autoCreated = pSql->cmd.autoCreated;  // create table if not exists
-  if (TSDB_CODE_SUCCESS != tscAllocPayload(&pNew->cmd, TSDB_DEFAULT_PAYLOAD_SIZE)) {
+  if (TSDB_CODE_SUCCESS != tscAllocPayload(&pNew->cmd, TSDB_DEFAULT_PAYLOAD_SIZE + pSql->cmd.payloadLen)) {
    tscError("%p malloc failed for payload to get table meta", pSql);
    free(pNew);
@@ -2386,7 +2387,8 @@ static int32_t getTableMetaFromMgmt(SSqlObj *pSql, STableMetaInfo *pTableMetaInf
  assert(pNew->cmd.numOfClause == 1 && pNewQueryInfo->numOfTables == 1);
  strncpy(pNewMeterMetaInfo->name, pTableMetaInfo->name, tListLen(pNewMeterMetaInfo->name));
-  memcpy(pNew->cmd.payload, pSql->cmd.payload, TSDB_DEFAULT_PAYLOAD_SIZE);  // tag information if table does not exists.
+  memcpy(pNew->cmd.payload, pSql->cmd.payload, pSql->cmd.payloadLen);  // tag information if table does not exists.
+  pNew->cmd.payloadLen = pSql->cmd.payloadLen;
  tscTrace("%p new pSqlObj:%p to get tableMeta, auto create:%d", pSql, pNew, pNew->cmd.autoCreated);
  pNew->fp = tscTableMetaCallBack;

--- a/src/mnode/src/mgmtTable.c
+++ b/src/mnode/src/mgmtTable.c
@@ -1742,7 +1742,12 @@ static void mgmtAutoCreateChildTable(SQueuedMsg *pMsg) {
  pCreateMsg->igExists = 1;
  pCreateMsg->getMeta = 1;
  pCreateMsg->contLen = htonl(contLen);
-  memcpy(pCreateMsg->schema, pInfo->tags, sizeof(STagData));
+  contLen = sizeof(STagData);
+  if (contLen > pMsg->contLen - sizeof(SCMTableInfoMsg)) {
+    contLen = pMsg->contLen - sizeof(SCMTableInfoMsg);
+  }
+  memcpy(pCreateMsg->schema, pInfo->tags, contLen);
  SQueuedMsg *newMsg = mgmtCloneQueuedMsg(pMsg);
  pMsg->pCont = newMsg->pCont;