[TS-913]<fix>: fixed coredump when memcpy without checking the length

06f76df3 · xywang · 1332da9f · 06f76df3 · 06f76df3
隐藏空白更改
内联并排

Showing with 12 addition and 3 deletion

src/plugins/http/src/httpGcJson.c src/plugins/http/src/httpGcJson.c +2 -2

tests/script/general/http/grafana.sim tests/script/general/http/grafana.sim +10 -1

未找到文件。
--- a/src/plugins/http/src/httpGcJson.c
+++ b/src/plugins/http/src/httpGcJson.c
@@ -129,7 +129,7 @@ bool gcBuildQueryJson(HttpContext *pContext, HttpSqlCmd *cmd, TAOS_RES *result,
    // for group by
    if (groupFields != -1) {
-      char    target[HTTP_GC_TARGET_SIZE] = {0};
+      char    target[HTTP_GC_TARGET_SIZE << 5] = {0};
      int32_t len;
      len = snprintf(target, HTTP_GC_TARGET_SIZE, "%s{", aliasBuffer);
      for (int32_t i = dataFields + 1; i < num_fields; i++) {
@@ -167,7 +167,7 @@ bool gcBuildQueryJson(HttpContext *pContext, HttpSqlCmd *cmd, TAOS_RES *result,
          case TSDB_DATA_TYPE_NCHAR:
            if (row[i] != NULL) {
              len += snprintf(target + len, HTTP_GC_TARGET_SIZE - len, "%s:", fields[i].name);
-              memcpy(target + len, (char *)row[i], length[i]);
+              memcpy(target + len, (char *)row[i], MIN(length[i], HTTP_GC_TARGET_SIZE - 1 - len));
              len = (int32_t)strlen(target);
            }
            break;

--- a/tests/script/general/http/grafana.sim
+++ b/tests/script/general/http/grafana.sim
@@ -50,6 +50,9 @@ sql insert into t3 values('2017-12-25 21:25:41', 3)
 sql insert into t3 values('2017-12-25 21:26:41', 3)
 sql insert into t3 values('2017-12-25 21:27:41', 3)
+sql create table m3 (ts timestamp, col1 int, col2 float, txt binary(500))
+sql insert into m3 values(now, 1, 2.0, 'HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS')
 print ===============  step2 - login
 system_content curl 127.0.0.1:7111/grafana/
@@ -179,4 +182,10 @@ if $system_content != @[{"refId":"A","target":"{count(v1):3}","datapoints":[[15.
  return -1
 endi
-system sh/exec.sh -n dnode1 -s stop -x SIGINT
+system_content curl -H 'Authorization: Taosd /KfeAzX/f9na8qdtNZmtONryp201ma04bEl8LcvLUd7a8qdtNZmtONryp201ma04' -d '[{"refId":"A","alias":"taosd","sql":"select last(col1), last(col2), last(txt) from d1.m3 group by txt"}]' 127.0.0.1:7111/grafana/query
\ No newline at end of file
+print 20-> $system_content
+if $system_content != @[{"refId":"A","target":"taosd{last(col2):2.00000, last(txt):HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HELLO TAOS HE","datapoints":[[1,"-"]]}]@ then
+  return -1
+endi
+system sh/exec.sh -n dnode1 -s stop -x SIGINT