Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
taosdata
TDengine
提交
cf601b20
T
TDengine
项目概览
taosdata
/
TDengine
1 年多 前同步成功
通知
1185
Star
22016
Fork
4786
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
1
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
TDengine
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
1
Issue
1
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
cf601b20
编写于
11月 16, 2022
作者:
G
Ganlin Zhao
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix(query): ASAN heap buffer overflow
TD-20454
上级
aae34759
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
34 addition
and
1 deletion
+34
-1
source/libs/function/src/builtinsimpl.c
source/libs/function/src/builtinsimpl.c
+17
-0
source/libs/scalar/src/sclfunc.c
source/libs/scalar/src/sclfunc.c
+17
-1
未找到文件。
source/libs/function/src/builtinsimpl.c
浏览文件 @
cf601b20
...
...
@@ -4366,6 +4366,7 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
int32_t
numOfParams
=
cJSON_GetArraySize
(
binDesc
);
int32_t
startIndex
;
if
(
numOfParams
!=
4
)
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -4376,15 +4377,18 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
cJSON
*
infinity
=
cJSON_GetObjectItem
(
binDesc
,
"infinity"
);
if
(
!
cJSON_IsNumber
(
start
)
||
!
cJSON_IsNumber
(
count
)
||
!
cJSON_IsBool
(
infinity
))
{
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
count
->
valueint
<=
0
||
count
->
valueint
>
1000
)
{
// limit count to 1000
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
isinf
(
start
->
valuedouble
)
||
(
width
!=
NULL
&&
isinf
(
width
->
valuedouble
))
||
(
factor
!=
NULL
&&
isinf
(
factor
->
valuedouble
))
||
(
count
!=
NULL
&&
isinf
(
count
->
valuedouble
)))
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -4402,12 +4406,14 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
// linear bin process
if
(
width
->
valuedouble
==
0
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
for
(
int
i
=
0
;
i
<
counter
+
1
;
++
i
)
{
intervals
[
startIndex
]
=
start
->
valuedouble
+
i
*
width
->
valuedouble
;
if
(
isinf
(
intervals
[
startIndex
]))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
startIndex
++
;
...
...
@@ -4416,22 +4422,26 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
// log bin process
if
(
start
->
valuedouble
==
0
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
factor
->
valuedouble
<
0
||
factor
->
valuedouble
==
0
||
factor
->
valuedouble
==
1
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
for
(
int
i
=
0
;
i
<
counter
+
1
;
++
i
)
{
intervals
[
startIndex
]
=
start
->
valuedouble
*
pow
(
factor
->
valuedouble
,
i
*
1
.
0
);
if
(
isinf
(
intervals
[
startIndex
]))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
startIndex
++
;
}
}
else
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -4446,6 +4456,7 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
}
}
else
if
(
cJSON_IsArray
(
binDesc
))
{
/* user input bins */
if
(
binType
!=
USER_INPUT_BIN
)
{
cJSON_Delete
(
binDesc
);
return
false
;
}
numOfBins
=
cJSON_GetArraySize
(
binDesc
);
...
...
@@ -4453,6 +4464,7 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
cJSON
*
bin
=
binDesc
->
child
;
if
(
bin
==
NULL
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
int
i
=
0
;
...
...
@@ -4460,16 +4472,19 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
intervals
[
i
]
=
bin
->
valuedouble
;
if
(
!
cJSON_IsNumber
(
bin
))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
i
!=
0
&&
intervals
[
i
]
<=
intervals
[
i
-
1
])
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
bin
=
bin
->
next
;
i
++
;
}
}
else
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -4482,6 +4497,8 @@ static bool getHistogramBinDesc(SHistoFuncInfo* pInfo, char* binDescStr, int8_t
}
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
true
;
}
...
...
source/libs/scalar/src/sclfunc.c
浏览文件 @
cf601b20
...
...
@@ -2620,6 +2620,7 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
int32_t
numOfParams
=
cJSON_GetArraySize
(
binDesc
);
int32_t
startIndex
;
if
(
numOfParams
!=
4
)
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -2630,15 +2631,18 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
cJSON
*
infinity
=
cJSON_GetObjectItem
(
binDesc
,
"infinity"
);
if
(
!
cJSON_IsNumber
(
start
)
||
!
cJSON_IsNumber
(
count
)
||
!
cJSON_IsBool
(
infinity
))
{
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
count
->
valueint
<=
0
||
count
->
valueint
>
1000
)
{
// limit count to 1000
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
isinf
(
start
->
valuedouble
)
||
(
width
!=
NULL
&&
isinf
(
width
->
valuedouble
))
||
(
factor
!=
NULL
&&
isinf
(
factor
->
valuedouble
))
||
(
count
!=
NULL
&&
isinf
(
count
->
valuedouble
)))
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -2656,12 +2660,14 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
// linear bin process
if
(
width
->
valuedouble
==
0
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
for
(
int
i
=
0
;
i
<
counter
+
1
;
++
i
)
{
intervals
[
startIndex
]
=
start
->
valuedouble
+
i
*
width
->
valuedouble
;
if
(
isinf
(
intervals
[
startIndex
]))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
startIndex
++
;
...
...
@@ -2670,22 +2676,26 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
// log bin process
if
(
start
->
valuedouble
==
0
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
factor
->
valuedouble
<
0
||
factor
->
valuedouble
==
0
||
factor
->
valuedouble
==
1
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
for
(
int
i
=
0
;
i
<
counter
+
1
;
++
i
)
{
intervals
[
startIndex
]
=
start
->
valuedouble
*
pow
(
factor
->
valuedouble
,
i
*
1
.
0
);
if
(
isinf
(
intervals
[
startIndex
]))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
startIndex
++
;
}
}
else
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -2700,6 +2710,7 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
}
}
else
if
(
cJSON_IsArray
(
binDesc
))
{
/* user input bins */
if
(
binType
!=
USER_INPUT_BIN
)
{
cJSON_Delete
(
binDesc
);
return
false
;
}
numOfBins
=
cJSON_GetArraySize
(
binDesc
);
...
...
@@ -2707,6 +2718,7 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
cJSON
*
bin
=
binDesc
->
child
;
if
(
bin
==
NULL
)
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
int
i
=
0
;
...
...
@@ -2714,16 +2726,19 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
intervals
[
i
]
=
bin
->
valuedouble
;
if
(
!
cJSON_IsNumber
(
bin
))
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
if
(
i
!=
0
&&
intervals
[
i
]
<=
intervals
[
i
-
1
])
{
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
false
;
}
bin
=
bin
->
next
;
i
++
;
}
}
else
{
cJSON_Delete
(
binDesc
);
return
false
;
}
...
...
@@ -2735,8 +2750,9 @@ static bool getHistogramBinDesc(SHistoFuncBin **bins, int32_t *binNum, char *bin
(
*
bins
)[
i
].
count
=
0
;
}
cJSON_Delete
(
binDesc
);
taosMemoryFree
(
intervals
);
cJSON_Delete
(
binDesc
);
return
true
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
