From a960f0ff790a3fc868171cd927753c34e8625d1c Mon Sep 17 00:00:00 2001
From: markswang <792637585@qq.com>
Date: Mon, 26 Jul 2021 18:38:37 +0800
Subject: [PATCH] [TD-5534]:fix the coverity high risk of client
---
 src/client/src/TSDBJNIConnector.c | 15 +++++++++--
 src/client/src/tscParseLineProtocol.c | 39 ++++++++++++++++++++++++---
 src/client/src/tscPrepare.c | 4 +--
 src/client/src/tscSQLParser.c | 13 ++++++---
 src/client/src/tscServer.c | 6 ++++-
 src/common/src/tname.c | 2 +-
 6 files changed, 67 insertions(+), 12 deletions(-)
diff --git a/src/client/src/TSDBJNIConnector.c b/src/client/src/TSDBJNIConnector.c
index c9b00800e6..667a689979 100644
--- a/src/client/src/TSDBJNIConnector.c
+++ b/src/client/src/TSDBJNIConnector.c
@@ -728,6 +728,7 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_prepareStmtImp(J
 int32_t code = taos_stmt_prepare(pStmt, str, len);
 if (code != TSDB_CODE_SUCCESS) {
 jniError("jobj:%p, conn:%p, code:%s", jobj, tscon, tstrerror(code));
+ free(str);
 return JNI_TDENGINE_ERROR;
 }
@@ -919,6 +920,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI
 char* curTags = tagsData;
 TAOS_BIND *tagsBind = calloc(numOfTags, sizeof(TAOS_BIND));
+ if (tagsBind == NULL) {
+ jniError("numOfTags:%d, alloc memory failed", numOfTags);
+ return JNI_OUT_OF_MEMORY;
+ }
 for(int32_t i = 0; i < numOfTags; ++i) {
 tagsBind[i].buffer_type = typeArray[i];
 tagsBind[i].buffer = curTags;
@@ -941,9 +946,10 @@ JNIEXPORT jint JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_setTableNameTagsI
 if (code != TSDB_CODE_SUCCESS) {
 jniError("jobj:%p, conn:%p, code:%s", jobj, tsconn, tstrerror(code));
+ free(tagsBind);
 return JNI_TDENGINE_ERROR;
 }
-
+ free(tagsBind);
 return JNI_SUCCESS;
 }
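Review bot: The added `tagsBind == NULL` check in setTableNameTagsImp treats every NULL from `calloc(numOfTags, sizeof(TAOS_BIND))` as out-of-memory, but calloc may return NULL for a zero-element request, so a call with `numOfTags == 0` could be reported as `JNI_OUT_OF_MEMORY` on some platforms. Testing `if (tagsBind == NULL && numOfTags > 0)`, or rejecting a non-positive count before the allocation, separates the two cases; the `c_lines` check added in insertLinesImp has the same shape with `numLines`. The function starts before this hunk, so it should also be confirmed that the early return does not skip the release of anything acquired above it.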
@@ -957,7 +963,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J
 int numLines = (*env)->GetArrayLength(env, lines);
 char** c_lines = calloc(numLines, sizeof(char*));
-
+ if (c_lines == NULL) {
+ jniError("c_lines:%d, alloc memory failed", c_lines);
+ return JNI_OUT_OF_MEMORY;
+ }
 for (int i = 0; i < numLines; ++i) {
 jstring line = (jstring) ((*env)->GetObjectArrayElement(env, lines, i));
 c_lines[i] = (char*)(*env)->GetStringUTFChars(env, line, 0);
@@ -972,8 +981,10 @@ JNIEXPORT jlong JNICALL Java_com_taosdata_jdbc_TSDBJNIConnector_insertLinesImp(J
 if (code != TSDB_CODE_SUCCESS) {
 jniError("jobj:%p, conn:%p, code:%s", jobj, taos, tstrerror(code));
+ free(c_lines);
 return JNI_TDENGINE_ERROR;
 }
+ free(c_lines);
 return code;
 }
\ No newline at end of file
diff --git a/src/client/src/tscParseLineProtocol.c b/src/client/src/tscParseLineProtocol.c
index d5883af7f6..f0e5017355 100644
--- a/src/client/src/tscParseLineProtocol.c
+++ b/src/client/src/tscParseLineProtocol.c
@@ -411,6 +411,11 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) {
 taos_free_result(res);
 SSqlObj* pSql = calloc(1, sizeof(SSqlObj));
+ if (pSql == NULL){
+ tscError("failed to allocate memory, reason:%s", strerror(errno));
+ code = TSDB_CODE_TSC_OUT_OF_MEMORY;
+ return code;
+ }
 pSql->pTscObj = taos;
 pSql->signature = pSql;
 pSql->fp = NULL;
@@ -421,11 +426,13 @@ int32_t loadTableMeta(TAOS* taos, char* tableName, SSmlSTableSchema* schema) {
 if (tscValidateName(&tableToken) != TSDB_CODE_SUCCESS) {
 code = TSDB_CODE_TSC_INVALID_TABLE_ID_LENGTH;
 sprintf(pSql->cmd.payload, "table name is invalid");
+ tscFreeSqlObj(pSql);
 return code;
 }
 SName sname = {0};
 if ((code = tscSetTableFullName(&sname, &tableToken, pSql)) != TSDB_CODE_SUCCESS) {
+ tscFreeSqlObj(pSql);
 return code;
 }
 char fullTableName[TSDB_TABLE_FNAME_LEN] = {0};
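Review bot: In the added `c_lines == NULL` branch of insertLinesImp, `jniError("c_lines:%d, alloc memory failed", c_lines);` passes a `char**` where `%d` expects an int, which is undefined behaviour, and on this path the value is always a null pointer anyway. The useful value to log is the element count: `jniError("numLines:%d, alloc memory failed", numLines);`. Building with format checking enabled for the jniError wrapper would catch this class of mismatch at compile time.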
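Review bot: On the invalid-name path of loadTableMeta the message is still written with `sprintf(pSql->cmd.payload, "table name is invalid");` and the object is then released by the added `tscFreeSqlObj(pSql);`, so the text can never be read by anyone. pSql comes from `calloc` in the previous hunk and no payload allocation is visible in either hunk, so this may also be a write through a NULL `payload`; that needs checking against the lines between the hunks. Replacing the sprintf with `tscError("table name is invalid");` keeps the diagnostic and removes the dead write. The function continues past the end of this hunk.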
@@ -607,6 +614,10 @@ static int32_t changeChildTableTagValue(TAOS* taos, const char* cTableName, cons
 static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, const char* sTableName, SArray* tagsSchema, SArray* tagsBind) {
 size_t numTags = taosArrayGetSize(tagsSchema);
 char* sql = malloc(tsMaxSQLStringLen+1);
+ if (sql == NULL) {
+ tscError("malloc sql memory error");
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 int freeBytes = tsMaxSQLStringLen + 1;
 sprintf(sql, "create table if not exists %s using %s", cTableName, sTableName);
@@ -628,24 +639,31 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co
 tscDebug("create table : %s", sql);
 TAOS_STMT* stmt = taos_stmt_init(taos);
+ if (stmt == NULL) {
+ free(sql);
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 int32_t code;
 code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql));
 free(sql);
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
 code = taos_stmt_bind_param(stmt, TARRAY_GET_START(tagsBind));
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
 code = taos_stmt_execute(stmt);
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
@@ -660,6 +678,11 @@ static int32_t creatChildTableIfNotExists(TAOS* taos, const char* cTableName, co
 static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* colsSchema, SArray* rowsBind) {
 size_t numCols = taosArrayGetSize(colsSchema);
 char* sql = malloc(tsMaxSQLStringLen+1);
+ if (sql == NULL) {
+ tscError("malloc sql memory error");
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
+ int32_t freeBytes = tsMaxSQLStringLen + 1 ;
 sprintf(sql, "insert into ? (");
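Review bot: The error branches added after `taos_stmt_prepare`, `taos_stmt_bind_param` and `taos_stmt_execute` in creatChildTableIfNotExists release the handle with `free(stmt);`, but stmt comes from `taos_stmt_init()` and is an opaque statement object, so plain free() releases at most the outer allocation and presumably leaves whatever the statement owns behind. The matching release call in the client API is `taos_stmt_close(stmt);`, which should replace each `free(stmt);`. The same applies to the `free(stmt);` lines added in insertChildTableBatch (hunks at -681, -694 and -703). The function continues past this hunk, so the success path's cleanup is not visible here.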
@@ -681,11 +704,15 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols
 int32_t try = 0;
 TAOS_STMT* stmt = taos_stmt_init(taos);
-
+ if (stmt == NULL) {
+ free(sql);
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 code = taos_stmt_prepare(stmt, sql, (unsigned long)strlen(sql));
 free(sql);
 if (code != 0) {
+ free(stmt);
 tscError("%s", taos_stmt_errstr(stmt));
 return code;
 }
@@ -694,6 +721,7 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols
 code = taos_stmt_set_tbname(stmt, cTableName);
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
@@ -703,11 +731,13 @@ static int32_t insertChildTableBatch(TAOS* taos, char* cTableName, SArray* cols
 code = taos_stmt_bind_param(stmt, colsBinds);
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
 code = taos_stmt_add_batch(stmt);
 if (code != 0) {
 tscError("%s", taos_stmt_errstr(stmt));
+ free(stmt);
 return code;
 }
 }
@@ -1627,7 +1657,7 @@ static int32_t parseSmlTimeStamp(TAOS_SML_KV **pTS, const char **index) {
 static int32_t parseSmlKey(TAOS_SML_KV *pKV, const char **index) {
 const char *cur = *index;
- char key[TSDB_COL_NAME_LEN];
+ char key[TSDB_COL_NAME_LEN + 1]; // +1 to avoid 1685 line over write
 uint16_t len = 0; //key field cannot start with digit
@@ -1704,7 +1734,10 @@ static int32_t parseSmlMeasurement(TAOS_SML_DATA_POINT *pSml, const char **index
 const char *cur = *index;
 uint16_t len = 0;
- pSml->stableName = calloc(TSDB_TABLE_NAME_LEN, 1);
+ pSml->stableName = calloc(TSDB_TABLE_NAME_LEN + 1, 1); // +1 to avoid 1772 line over write
+ if (pSml->stableName == NULL){
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 if (isdigit(*cur)) {
 tscError("Measurement field cannnot start with digit");
 free(pSml->stableName);
diff --git a/src/client/src/tscPrepare.c b/src/client/src/tscPrepare.c
index 7306523660..efdc24c899 100644
--- a/src/client/src/tscPrepare.c
+++ b/src/client/src/tscPrepare.c
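Review bot: In the `taos_stmt_prepare` failure branch of insertChildTableBatch the added `free(stmt);` sits before `tscError("%s", taos_stmt_errstr(stmt));`, so the error string is fetched from an object that has just been released, which is a use-after-free on an error path. The other branches in this function log first and release afterwards; this one should match: `tscError("%s", taos_stmt_errstr(stmt));`, then the release, then `return code;`. Since stmt was obtained from `taos_stmt_init()`, the release is better written as `taos_stmt_close(stmt);` than `free(stmt);`.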
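Review bot: The comments `// +1 to avoid 1685 line over write` in parseSmlKey and `// +1 to avoid 1772 line over write` in parseSmlMeasurement refer to line numbers that stop being correct as soon as the file changes, and they do not say which write needs the extra byte. Stating the invariant is more durable, for example `// +1 so the terminator written after a maximum-length name stays in bounds`, if that is the write meant. The writes themselves are outside these hunks, so it should be confirmed that the length check at each write site still rejects over-long input rather than relying on the padding byte.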
@@ -1628,8 +1628,8 @@ int taos_stmt_set_tbname_tags(TAOS_STMT* stmt, const char* name, TAOS_BIND* tags
 if (pStmt->mtb.subSet && taosHashGetSize(pStmt->mtb.pTableHash) > 0) {
 STableMetaInfo* pTableMetaInfo = tscGetTableMetaInfoFromCmd(pCmd, 0);
 STableMeta* pTableMeta = pTableMetaInfo->pTableMeta;
- char sTableName[TSDB_TABLE_FNAME_LEN];
- strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName));
+ char sTableName[TSDB_TABLE_FNAME_LEN + 1] = {0};
+ strncpy(sTableName, pTableMeta->sTableName, sizeof(sTableName) - 1);
 SStrToken tname = {0};
 tname.type = TK_STRING;
diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c
index 9a3b36895d..2d5a3d524e 100644
--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -421,7 +421,8 @@ int32_t readFromFile(char *name, uint32_t *len, void **buf) {
 tfree(*buf);
 return TSDB_CODE_TSC_APP_ERROR;
 }
-
+ close(fd);
+ tfree(*buf);
 return TSDB_CODE_SUCCESS;
 }
@@ -8110,7 +8111,8 @@ int32_t loadAllTableMeta(SSqlObj* pSql, struct SSqlInfo* pInfo) {
 assert(maxSize < 80 * TSDB_MAX_COLUMNS);
 if (!pSql->pBuf) {
 if (NULL == (pSql->pBuf = tcalloc(1, 80 * TSDB_MAX_COLUMNS))) {
- return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ code = TSDB_CODE_TSC_OUT_OF_MEMORY;
+ goto _end;
 }
 }
 pTableMeta = calloc(1, maxSize);
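Review bot: The `tfree(*buf);` added on the success path of readFromFile releases the buffer the function has just filled, immediately before `return TSDB_CODE_SUCCESS;`. `buf` is a `void **` declared next to `uint32_t *len`, which reads as an out-parameter, so a caller would get a success code together with a freed or cleared buffer; the failure branch above already frees it, and the success path should not. Keeping `close(fd);` and dropping the tfree, with a comment such as `// on success the caller owns *buf and must free it`, closes the descriptor leak without destroying the result. The start of the function is outside this hunk, so the caller contract should be confirmed there.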
@@ -8351,14 +8353,18 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS
 // create dummy table meta info
 STableMetaInfo* pTableMetaInfo1 = calloc(1, sizeof(STableMetaInfo));
+ if (pTableMetaInfo1 == NULL) {
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 pTableMetaInfo1->pTableMeta = extractTempTableMetaFromSubquery(pSub);
 if (subInfo->aliasName.n > 0) {
 if (subInfo->aliasName.n >= TSDB_TABLE_FNAME_LEN) {
+ free(pTableMetaInfo1);
 return invalidOperationMsg(msgBuf, "subquery alias name too long");
 }
- strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, subInfo->aliasName.n);
+ strncpy(pTableMetaInfo1->aliasName, subInfo->aliasName.z, MIN(subInfo->aliasName.n, sizeof(pTableMetaInfo1->aliasName) - 1));
 }
 taosArrayPush(pQueryInfo->pUpstream, &pSub);
@@ -8368,6 +8374,7 @@ static int32_t doValidateSubquery(SSqlNode* pSqlNode, int32_t index, SSqlObj* pS
 STableMetaInfo** tmp = realloc(pQueryInfo->pTableMetaInfo, (pQueryInfo->numOfTables + 1) * POINTER_BYTES);
 if (tmp == NULL) {
+ free(pTableMetaInfo1);
 return TSDB_CODE_TSC_OUT_OF_MEMORY;
 }
diff --git a/src/client/src/tscServer.c b/src/client/src/tscServer.c
index f5d6765a5d..401e65efd4 100644
--- a/src/client/src/tscServer.c
+++ b/src/client/src/tscServer.c
@@ -164,7 +164,7 @@ static void tscUpdateVgroupInfo(SSqlObj *pSql, SRpcEpSet *pEpSet) {
 vgroupInfo.inUse = pEpSet->inUse;
 vgroupInfo.numOfEps = pEpSet->numOfEps;
 for (int32_t i = 0; i < vgroupInfo.numOfEps; i++) {
- strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN);
+ strncpy(vgroupInfo.ep[i].fqdn, pEpSet->fqdn[i], TSDB_FQDN_LEN); // buffer not null terminated risk
 vgroupInfo.ep[i].port = pEpSet->port[i];
 }
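Review bot: The `free(pTableMetaInfo1);` added on the alias-too-long path of doValidateSubquery runs after `pTableMetaInfo1->pTableMeta = extractTempTableMetaFromSubquery(pSub);`, so if that helper allocates the meta (its definition is not shown) the meta leaks when only the outer struct is freed. The `free(pTableMetaInfo1);` added in the realloc-failure branch of the following hunk has the same gap. Either check the alias length before the meta is built, or release the member first: `free(pTableMetaInfo1->pTableMeta);` followed by `free(pTableMetaInfo1);`.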
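Review bot: The comment `// buffer not null terminated risk` added in tscUpdateVgroupInfo records the problem on the `strncpy(..., TSDB_FQDN_LEN)` line but leaves the copy unchanged, so a source fqdn of TSDB_FQDN_LEN bytes or more still leaves `vgroupInfo.ep[i].fqdn` without a terminator for later string reads. Terminating explicitly after the copy fixes the risk rather than documenting it: `vgroupInfo.ep[i].fqdn[TSDB_FQDN_LEN - 1] = '\0';`. This assumes the field is TSDB_FQDN_LEN bytes long, which should be checked against the struct declaration (not on this page).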
@@ -2048,8 +2048,12 @@ int tscProcessTableMetaRsp(SSqlObj *pSql) {
 assert(pTableMetaInfo->pTableMeta == NULL);
 STableMeta* pTableMeta = tscCreateTableMetaFromMsg(pMetaMsg);
+ if (pTableMeta == NULL){
+ return TSDB_CODE_TSC_OUT_OF_MEMORY;
+ }
 if (!tIsValidSchema(pTableMeta->schema, pTableMeta->tableInfo.numOfColumns, pTableMeta->tableInfo.numOfTags)) {
 tscError("0x%"PRIx64" invalid table meta from mnode, name:%s", pSql->self, tNameGetTableName(&pTableMetaInfo->name));
+ free(pTableMeta);
 return TSDB_CODE_TSC_INVALID_VALUE;
 }
diff --git a/src/common/src/tname.c b/src/common/src/tname.c
index 26502c5d9c..5da48b2e9a 100644
--- a/src/common/src/tname.c
+++ b/src/common/src/tname.c
@@ -319,7 +319,7 @@ int32_t tNameGetDbName(const SName* name, char* dst) {
 int32_t tNameGetFullDbName(const SName* name, char* dst) {
 assert(name != NULL && dst != NULL);
- snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN,
+ snprintf(dst, TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN, // there is a over write risk
 "%s.%s", name->acctId, name->dbname);
 return 0;
 }
--
GitLab
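Review bot: The comment added inside the snprintf call in tNameGetFullDbName, `// there is a over write risk`, notes that the size argument is a constant sum rather than the real capacity of `dst`, but the call is unchanged and callers are still not told what they must provide. Because the function only receives `char* dst`, the requirement belongs in a comment above the function, for example `// dst must hold at least TSDB_ACCT_ID_LEN + TS_PATH_DELIMITER_LEN + TSDB_DB_NAME_LEN bytes`, with the inline remark removed from the argument list. Passing the capacity explicitly would remove the risk but changes the signature, so it is a separate change from this hunk.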