From f343d6d320cb0a3b412a3b13d6850d4677acb1f3 Mon Sep 17 00:00:00 2001
From: Haojun Liao
Date: Tue, 2 Jun 2020 00:53:00 +0800
Subject: [PATCH] [td-314] check for sql str length

---
 src/client/src/tscAsync.c | 6 +++---
 src/client/src/tscSql.c | 26 ++++++++++++++++----------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/client/src/tscAsync.c b/src/client/src/tscAsync.c
index 96837e4dd4..084367d615 100644
--- a/src/client/src/tscAsync.c
+++ b/src/client/src/tscAsync.c
@@ -56,8 +56,8 @@ void doAsyncQuery(STscObj* pObj, SSqlObj* pSql, void (*fp)(), void* param, const
 return;
 }
 
- pSql->sqlstr = realloc(pSql->sqlstr, sqlLen + 1);
-
+ // todo check for OOM problem
+ pSql->sqlstr = calloc(1, sqlLen + 1);
 if (pSql->sqlstr == NULL) {
 tscError("%p failed to malloc sql string buffer", pSql);
 tscQueueAsyncError(fp, param, TSDB_CODE_CLI_OUT_OF_MEMORY);
@@ -95,7 +95,7 @@ void taos_query_a(TAOS *taos, const char *sqlstr, __async_cb_func_t fp, void *pa
 
 int32_t sqlLen = strlen(sqlstr);
 if (sqlLen > tsMaxSQLStringLen) {
- tscError("sql string too long");
+ tscError("sql string exceeds max length:%d", tsMaxSQLStringLen);
 terrno = TSDB_CODE_INVALID_SQL;
 tscQueueAsyncError(fp, param, TSDB_CODE_INVALID_SQL);
 return;
diff --git a/src/client/src/tscSql.c b/src/client/src/tscSql.c
index cda7d956ab..ba2b900dd5 100644
--- a/src/client/src/tscSql.c
+++ b/src/client/src/tscSql.c
@@ -269,6 +269,15 @@ TAOS_RES* taos_query(TAOS *taos, const char *sqlstr) {
 return NULL;
 }
 
+ int32_t sqlLen = strlen(sqlstr);
+ if (sqlLen > tsMaxSQLStringLen) {
+ tscError("sql string exceeds max length:%d", tsMaxSQLStringLen);
+ terrno = TSDB_CODE_INVALID_SQL;
+ return NULL;
+ }
+
+ taosNotePrintTsc(sqlstr);
+
 SSqlObj* pSql = calloc(1, sizeof(SSqlObj));
 if (pSql == NULL) {
 tscError("failed to malloc sqlObj");
@@ -276,7 +285,6 @@ TAOS_RES* taos_query(TAOS *taos, const char *sqlstr) {
 return NULL;
 }
 
- size_t sqlLen = strlen(sqlstr);
 doAsyncQuery(pObj, pSql, waitForQueryRsp, taos, sqlstr, sqlLen);
 
 // wait for the callback function to post the semaphore
@@ -510,22 +518,20 @@ int taos_select_db(TAOS *taos, const char *db) {
 }
 
 void taos_free_result(TAOS_RES *res) {
- if (res == NULL) return;
-
 SSqlObj *pSql = (SSqlObj *)res;
- SSqlRes *pRes = &pSql->res;
- SSqlCmd *pCmd = &pSql->cmd;
-
- tscTrace("%p start to free result", pSql);
-
- if (pSql->signature != pSql) {
+ tscTrace("%p start to free result", res);
+
+ if (pSql == NULL || pSql->signature != pSql) {
 tscTrace("%p result has been freed", pSql);
 return;
 }
 
+ SSqlRes *pRes = &pSql->res;
+ SSqlCmd *pCmd = &pSql->cmd;
+
 // The semaphore can not be changed while freeing async sub query objects.
 if (pRes == NULL || pRes->qhandle == 0) {
- tscTrace("%p SqlObj is freed by app, phandle is null", pSql);
+ tscTrace("%p SqlObj is freed by app, qhandle is null", pSql);
 tscFreeSqlObj(pSql);
 return;
 }
-- 
GitLab
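Review bot: Replacing `realloc` with `calloc(1, sqlLen + 1)` overwrites `pSql->sqlstr` unconditionally, so if doAsyncQuery is ever entered with an SSqlObj whose sqlstr is already allocated that buffer is leaked; the old `realloc` form at least reused it. If such reuse is possible, release the old buffer first (`free(pSql->sqlstr);`) or keep realloc through a temporary so the original pointer survives a failed call. The `// todo check for OOM problem` comment is confusing because the NULL check directly beneath it is that check; reword it to say what actually remains to be done, or drop it. doAsyncQuery's signature and the tail of this error branch lie outside the hunk.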
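Review bot: `int32_t sqlLen = strlen(sqlstr);` narrows a size_t into a signed 32-bit value, so a length that wraps negative slips past the `sqlLen > tsMaxSQLStringLen` bound this patch exists to enforce and then reaches `calloc(1, sqlLen + 1)` in doAsyncQuery; the line removed in the next hunk used `size_t`, so keep that: `size_t sqlLen = strlen(sqlstr);` / `if (sqlLen > (size_t)tsMaxSQLStringLen) {`. The context line in taos_query_a (tscAsync.c) has the same narrowing. Unless something above the hunk rejects a NULL `sqlstr`, strlen dereferences it before any validation runs, so a NULL check ahead of the length check is worth adding. `taosNotePrintTsc(sqlstr)` records the complete statement text before it is parsed; if that lands in a persistent note file, statements that carry credentials are stored there too, which is worth confirming.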
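Review bot: With the NULL test folded into the signature check, a NULL `res` now logs `%p result has been freed` for a null pointer, which the old code returned from silently and which will send a reader hunting for a double free; either keep a separate `if (res == NULL) return;` or use a message that covers both cases, e.g. `tscTrace("%p result is null or already freed", pSql);`. `pRes` is now assigned `&pSql->res`, the address of an embedded member, so `pRes == NULL` in the context condition below can never be true and the test can shrink to `if (pRes->qhandle == 0) {`. Deciding liveness by reading `pSql->signature` is inherited from the old code rather than introduced here, but it does read memory that may already have been released. The rest of taos_free_result continues past the hunk.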