Commit 56f327a5, authored by Shen Zhi

Fix/td 8690 fix size buffer (STRING_OVERFLOW)

The problem can be described as: copying p->fullname without checking the length may overflow the 237-character fixed-size string pCreate->tableName.
I added a module to check the length and re-enter it before copying.
I wonder if that solved the problem.

Resolves: #8690
Signed-off-by: NShen Zhi <m13120163046@163.com>
Parent d145eb83
...@@ -1534,6 +1534,21 @@ int tscBuildCreateTableMsg(SSqlObj *pSql, SSqlInfo *pInfo) { ...@@ -1534,6 +1534,21 @@ int tscBuildCreateTableMsg(SSqlObj *pSql, SSqlInfo *pInfo) {
pMsg += sizeof(SCreateTableMsg); pMsg += sizeof(SCreateTableMsg);
SCreatedTableInfo* p = taosArrayGet(list, i); SCreatedTableInfo* p = taosArrayGet(list, i);
//what pCreate->tableName point is a fixed char array which size is 237
//what p->fullname point is a char*
//before the time we copy p->fullname to pCreate->tableName , we need to check the length of p->fullname
try {
if (strlen(p->fullname) > 237) {
throw runtime_error("length of fullname should be less than 237");
}
}
catch (runtime_error err) {
cout << err.what() <<"\nMay you can reenter"<< endl;
while (strlen(p->fullname) > 237) {
scanf("%s", p->fullname);
}
}
strcpy(pCreate->tableName, p->fullname); strcpy(pCreate->tableName, p->fullname);
pCreate->igExists = (p->igExist)? 1 : 0; pCreate->igExists = (p->igExist)? 1 : 0;
......
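Review bot: The length check `strlen(p->fullname) > 237` is off by one, and the recovery path in the catch block adds a second overflow. Per the added comment, pCreate->tableName is a 237-byte array, so a 237-character name passes the check and strcpy then writes 238 bytes including the terminator; compare with `>= sizeof(pCreate->tableName)` rather than the literal 237. In the catch block, `scanf("%s", p->fullname)` writes unbounded input through a char* whose allocation size is not visible here, and it blocks on stdin inside a message-building function; return an error from tscBuildCreateTableMsg to the caller instead of prompting. The try/throw/cout constructs are C++, while the surrounding code is C-style (strcpy, scanf, an int-returning function), so confirm this file is actually built as C++; a plain if with an early return avoids the question.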