[TD-5534]<fix>:fix the coverity high risk of client

a960f0ff · markswang · 33580725 · a960f0ff · a960f0ff · a960f0ff
6 changed file
--- a/src/client/src/TSDBJNIConnector.c
+++ b/src/client/src/TSDBJNIConnector.c
@@ -728,6 +728,7 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_prepareStmtImp(J
  int32_t code = taos_stmt_prepare(pStmt, str, len);
  if (code != TSDB_CODE_SUCCESS) {
    jniError("jobj:%p, conn:%p, code:%s", jobj, tscon, tstrerror(code));
+    free(str);
    return JNI_TDENGINE_ERROR;
  }

@@ -919,6 +920,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI
  char* curTags = tagsData;

  TAOS_BIND *tagsBind = calloc(numOfTags, sizeof(TAOS_BIND));
+  if (tagsBind == NULL) {
+    jniError("numOfTags:%d, alloc memory failed", numOfTags);
+    return JNI_OUT_OF_MEMORY;
+  }
  for(int32_t i = 0; i < numOfTags; ++i) {
    tagsBind[i].buffer_type = typeArray[i];
    tagsBind[i].buffer  = curTags;
@@ -941,9 +946,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI

  if (code != TSDB_CODE_SUCCESS) {
    jniError("jobj:%p, conn:%p, code:%s", jobj, tsconn, tstrerror(code));
+    free(tagsBind);
    return JNI_TDENGINE_ERROR;
  }
-
+  free(tagsBind);
  return JNI_SUCCESS;
 }

@@ -957,7 +963,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J

  int numLines = (*env)->GetArrayLength(env, lines);
  char** c_lines = calloc(numLines, sizeof(char*));
-
+  if (c_lines == NULL) {
+    jniError("c_lines:%d, alloc memory failed", c_lines);
+    return JNI_OUT_OF_MEMORY;
+  }
  for (int i = 0; i < numLines; ++i) {
    jstring line = (jstring) ((*env)->GetObjectArrayElement(env, lines, i));
    c_lines[i] = (char*)(*env)->GetStringUTFChars(env, line, 0);
@@ -972,8 +981,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J

  if (code != TSDB_CODE_SUCCESS) {
    jniError("jobj:%p, conn:%p, code:%s", jobj, taos, tstrerror(code));
+    free(c_lines);
    return JNI_TDENGINE_ERROR;
  }

+  free(c_lines);
  return code;
 }
\ No newline at end of file
--- a/src/client/src/tscParseLineProtocol.c
+++ b/src/client/src/tscParseLineProtocol.c
@@ -411,6 +411,11 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) {
  taos_free_result(res);

  SSqlObj* pSql = calloc(1, sizeof(SSqlObj));
+  if (pSql == NULL){
+      tscError("failed to allocate memory, reason:%s", strerror(errno));
+      code = TSDB_CODE_TSC_OUT_OF_MEMORY;
+      return code;
+  }
  pSql->pTscObj = taos;
  pSql->signature = pSql;
  pSql->fp = NULL;
@@ -421,11 +426,13 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) {
  if (tscValidateName(&tableToken) != TSDB_CODE_SUCCESS) {
    code = TSDB_CODE_TSC_INVALID_TABLE_ID_LENGTH;
    sprintf(pSql->cmd.payload, "table name is invalid");
+    tscFreeSqlObj(pSql);
    return code;
  }

  SName sname = {0};
  if ((code = tscSetTableFullName(&sname, &tableToken, pSql)) != TSDB_CODE_SUCCESS) {
+    tscFreeSqlObj(pSql);
    return code;
  }
  char  fullTableName[TSDB_TABLE_FNAME_LEN] = {0};
@@ -607,6 +614,10 @@ static int32_t changeChildTableTagValue(TAOS* taos, const char* cTableName, cons
 static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, const char* sTableName, SArray* tagsSchema, SArray* tagsBind) {
  size_t numTags = taosArrayGetSize(tagsSchema);
  char* sql = malloc(tsMaxSQLStringLen+1);
+  if (sql == NULL) {
+    tscError("malloc sql memory error");
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  int freeBytes = tsMaxSQLStringLen + 1;
  sprintf(sql, "create table if not exists %s using %s", cTableName, sTableName);

@@ -628,24 +639,31 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co
  tscDebug("create table : %s", sql);

  TAOS_STMT* stmt = taos_stmt_init(taos);
+  if (stmt == NULL) {
+    free(sql);
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  int32_t code;
  code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql));
  free(sql);

  if (code != 0) {
    tscError("%s", taos_stmt_errstr(stmt));
+    free(stmt);
    return code;
  }

  code = taos_stmt_bind_param(stmt, TARRAY_GET_START(tagsBind));
  if (code != 0) {
    tscError("%s", taos_stmt_errstr(stmt));
+    free(stmt);
    return code;
  }

  code = taos_stmt_execute(stmt);
  if (code != 0) {
    tscError("%s", taos_stmt_errstr(stmt));
+    free(stmt);
    return code;
  }

@@ -660,6 +678,11 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co
 static int32_t insertChildTableBatch(TAOS* taos,  char* cTableName, SArray* colsSchema, SArray* rowsBind) {
  size_t numCols = taosArrayGetSize(colsSchema);
  char* sql = malloc(tsMaxSQLStringLen+1);
+  if (sql == NULL) {
+    tscError("malloc sql memory error");
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
+
  int32_t freeBytes = tsMaxSQLStringLen + 1 ;
  sprintf(sql, "insert into ? (");

@@ -681,11 +704,15 @@ static int32_t insertChildTableBatch(TAOS* taos,  char* cTableName, SArray* cols
  int32_t try = 0;

  TAOS_STMT* stmt = taos_stmt_init(taos);
-
+  if (stmt == NULL) {
+    free(sql);
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql));
  free(sql);

  if (code != 0) {
+    free(stmt);
    tscError("%s", taos_stmt_errstr(stmt));
    return code;
  }
@@ -694,6 +721,7 @@ static int32_t insertChildTableBatch(TAOS* taos,  char* cTableName, SArray* cols
    code = taos_stmt_set_tbname(stmt, cTableName);
    if (code != 0) {
      tscError("%s", taos_stmt_errstr(stmt));
+      free(stmt);
      return code;
    }

@@ -703,11 +731,13 @@ static int32_t insertChildTableBatch(TAOS* taos,  char* cTableName, SArray* cols
      code = taos_stmt_bind_param(stmt, colsBinds);
      if (code != 0) {
        tscError("%s", taos_stmt_errstr(stmt));
+        free(stmt);
        return code;
      }
      code = taos_stmt_add_batch(stmt);
      if (code != 0) {
        tscError("%s", taos_stmt_errstr(stmt));
+        free(stmt);
        return code;
      }
    }
@@ -1627,7 +1657,7 @@ static int32_t parseSmlTimeStamp(TAOS_SML_KV **pTS, const char **index) {

 static int32_t parseSmlKey(TAOS_SML_KV *pKV, const char **index) {
  const char *cur = *index;
-  char key[TSDB_COL_NAME_LEN];
+  char key[TSDB_COL_NAME_LEN + 1];  // +1 to avoid 1685 line over write
  uint16_t len = 0;

  //key field cannot start with digit
@@ -1704,7 +1734,10 @@ static int32_t parseSmlMeasurement(TAOS_SML_DATA_POINT *pSml, const char **index
  const char *cur = *index;
  uint16_t len = 0;

-  pSml->stableName = calloc(TSDB_TABLE_NAME_LEN, 1);
+  pSml->stableName = calloc(TSDB_TABLE_NAME_LEN + 1, 1);    // +1 to avoid 1772 line over write
+  if (pSml->stableName == NULL){
+      return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  if (isdigit(*cur)) {
    tscError("Measurement field cannnot start with digit");
    free(pSml->stableName);

--- a/src/client/src/tscPrepare.c
+++ b/src/client/src/tscPrepare.c
@@ -1628,8 +1628,8 @@ int taos_stmt_set_tbname_tags(TAOS_STMT* stmt, const char* name, TAOS_BIND* tags
  if (pStmt->mtb.subSet && taosHashGetSize(pStmt->mtb.pTableHash) > 0) {
    STableMetaInfo* pTableMetaInfo = tscGetTableMetaInfoFromCmd(pCmd, 0);
    STableMeta* pTableMeta = pTableMetaInfo->pTableMeta;
-    char sTableName[TSDB_TABLE_FNAME_LEN];
-    strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName));
+    char sTableName[TSDB_TABLE_FNAME_LEN + 1] = {0};
+    strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName) - 1);

    SStrToken tname = {0};
    tname.type = TK_STRING;

--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -421,7 +421,8 @@ int32_t readFromFile(char *name, uint32_t *len, void **buf) {
    tfree(*buf);
    return TSDB_CODE_TSC_APP_ERROR;
  }
-
+  close(fd);
+  tfree(*buf);
  return TSDB_CODE_SUCCESS;
 }

@@ -8110,7 +8111,8 @@ int32_t loadAllTableMeta(SSqlObj* pSql, struct SSqlInfo* pInfo) {
  assert(maxSize < 80 * TSDB_MAX_COLUMNS);
  if (!pSql->pBuf) {
    if (NULL == (pSql->pBuf = tcalloc(1, 80 * TSDB_MAX_COLUMNS))) {
-      return TSDB_CODE_TSC_OUT_OF_MEMORY;
+      code = TSDB_CODE_TSC_OUT_OF_MEMORY;
+      goto _end;
    }
  }
  pTableMeta = calloc(1, maxSize);
@@ -8351,14 +8353,18 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS

  // create dummy table meta info
  STableMetaInfo* pTableMetaInfo1 = calloc(1, sizeof(STableMetaInfo));
+  if (pTableMetaInfo1 == NULL) {
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  pTableMetaInfo1->pTableMeta = extractTempTableMetaFromSubquery(pSub);

  if (subInfo->aliasName.n > 0) {
    if (subInfo->aliasName.n >= TSDB_TABLE_FNAME_LEN) {
+      free(pTableMetaInfo1);
      return invalidOperationMsg(msgBuf, "subquery alias name too long");
    }

-    strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, subInfo->aliasName.n);
+    strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName) - 1));
  }

  taosArrayPush(pQueryInfo->pUpstream, &pSub);
@@ -8368,6 +8374,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS

  STableMetaInfo** tmp = realloc(pQueryInfo->pTableMetaInfo, (pQueryInfo->numOfTables + 1) * POINTER_BYTES);
  if (tmp == NULL) {
+    free(pTableMetaInfo1);
    return TSDB_CODE_TSC_OUT_OF_MEMORY;
  }


--- a/src/client/src/tscServer.c
+++ b/src/client/src/tscServer.c
@@ -164,7 +164,7 @@ static void tscUpdateVgroupInfo(SSqlObj *pSql, SRpcEpSet *pEpSet) {
  vgroupInfo.inUse    = pEpSet->inUse;
  vgroupInfo.numOfEps = pEpSet->numOfEps;
  for (int32_t i = 0; i < vgroupInfo.numOfEps; i++) {
-    strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN);
+    strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN);   // buffer not null terminated risk
    vgroupInfo.ep[i].port = pEpSet->port[i];
  }

@@ -2048,8 +2048,12 @@ int tscProcessTableMetaRsp(SSqlObj *pSql) {
  assert(pTableMetaInfo->pTableMeta == NULL);

  STableMeta* pTableMeta = tscCreateTableMetaFromMsg(pMetaMsg);
+  if (pTableMeta == NULL){
+    return TSDB_CODE_TSC_OUT_OF_MEMORY;
+  }
  if (!tIsValidSchema(pTableMeta->schema, pTableMeta->tableInfo.numOfColumns, pTableMeta->tableInfo.numOfTags)) {
    tscError("0x%"PRIx64" invalid table meta from mnode, name:%s", pSql->self, tNameGetTableName(&pTableMetaInfo->name));
+    free(pTableMeta);
    return TSDB_CODE_TSC_INVALID_VALUE;
  }


--- a/src/common/src/tname.c
+++ b/src/common/src/tname.c
@@ -319,7 +319,7 @@ int32_t tNameGetDbName(const SName* name, char* dst) {

 int32_t tNameGetFullDbName(const SName* name, char* dst) {
  assert(name != NULL && dst != NULL);
-  snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN,
+  snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN,    // there is a over write risk
      "%s.%s", name->acctId, name->dbname);
  return 0;
 }