From 56f327a5ff703815d5b9cb7735c46c0a2f011218 Mon Sep 17 00:00:00 2001
From: Shen Zhi
Date: Wed, 17 Nov 2021 20:52:54 +0800
Subject: [PATCH] Fix/td 8690 fix size buffer (STRING_OVERFLOW) problem can be described as Copying p - > fullname without checking the length may overflow the 237 character fixed size string pcreate - > tablename. I added a module to check the length and re-enter it before copying, I wonder if that solved the problem.
Resolves: #8690
Signed-off-by: Shen Zhi
---
 src/client/src/tscServer.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c
index 4d592211d0..24b9bf1a17 100644
--- a/src/client/src/tscServer.c
+++ b/src/client/src/tscServer.c
@@ -1534,6 +1534,21 @@ int tscBuildCreateTableMsg(SSqlObj *pSql, SSqlInfo *pInfo) {
 pMsg += sizeof(SCreateTableMsg);
 SCreatedTableInfo* p = taosArrayGet(list, i);
+ //what pCreate->tableName point is a fixed char array which size is 237
+ //what p->fullname point is a char*
+ //before the time we copy p->fullname to pCreate->tableName , we need to check the length of p->fullname
+ try {
+ if (strlen(p->fullname) > 237) {
+ throw runtime_error("length of fullname should be less than 237");
+ }
+ }
+ catch (runtime_error err) {
+ cout << err.what() <<"\nMay you can reenter"<< endl;
+
+ while (strlen(p->fullname) > 237) {
+ scanf("%s", p->fullname);
+ }
+ }
 strcpy(pCreate->tableName, p->fullname);
 pCreate->igExists = (p->igExist)? 1 : 0;
-- 
GitLab
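Review bot: The added guard uses `try`/`throw`/`catch`, `runtime_error` and `cout`, which are C++ constructs, so it should not build in `tscServer.c` if that file is compiled as C, as its extension suggests. The recovery path is unsafe in its own right: `scanf("%s", p->fullname)` is an unbounded write into a buffer whose size the hunk does not show, and it makes a client library block on stdin in the middle of building a request. The bound is also off by one if the array really is 237 bytes as the new comment says, because a 237-character name plus its terminating NUL needs 238 bytes and `> 237` still lets the following `strcpy` write past `pCreate->tableName`. I would replace the whole block with a plain check that fails the request before the copy, `if (strlen(p->fullname) >= sizeof(pCreate->tableName)) return <existing invalid-name error code>;`. tscBuildCreateTableMsg starts and ends outside the hunk, so anything it has allocated by this point would need releasing on that early return.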