WIP: [TD-4872]<fix>: fix buffer overflow in -O3 build (#6593)

* [TD-4872]<fix>: fix buffer overflow in -O3 build * [TD-4872]<fix>: fix tasodemo buffer overflow with -O3 * [TD-4872]<fix>: fix tasodump buffer overflow with -O3
taosdata · Jun 24, 2021 · 069169e · 069169e
1 parent c1b8fd5
commit 069169e
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 6 deletions.
diff --git a/src/kit/taosdemo/taosdemo.c b/src/kit/taosdemo/taosdemo.c
@@ -5103,7 +5103,7 @@ static int32_t generateStbDataTail(
     } else {
         retLen = getRowDataFromSample(
                   data,
-                  remainderBufLen,
+                  remainderBufLen < MAX_DATA_SIZE ? remainderBufLen : MAX_DATA_SIZE,
                   startTime + superTblInfo->timeStampStep * k,
                   superTblInfo,
                   pSamplePos);

diff --git a/src/kit/taosdump/taosdump.c b/src/kit/taosdump/taosdump.c
@@ -29,6 +29,9 @@
 #define COMMAND_SIZE 65536
 //#define DEFAULT_DUMP_FILE "taosdump.sql"
 
+// for strncpy buffer overflow
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
 int  converStringToReadable(char *str, int size, char *buf, int bufsize);
 int  convertNCharToReadable(char *str, int size, char *buf, int bufsize);
 void taosDumpCharset(FILE *fp);
@@ -1119,12 +1122,11 @@ int taosGetTableDes(
   TAOS_FIELD *fields = taos_fetch_fields(res);
 
   tstrncpy(tableDes->name, table, TSDB_TABLE_NAME_LEN);
-
   while ((row = taos_fetch_row(res)) != NULL) {
     strncpy(tableDes->cols[count].field, (char *)row[TSDB_DESCRIBE_METRIC_FIELD_INDEX],
             fields[TSDB_DESCRIBE_METRIC_FIELD_INDEX].bytes);
     strncpy(tableDes->cols[count].type, (char *)row[TSDB_DESCRIBE_METRIC_TYPE_INDEX],
-            fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes);
+            min(16, fields[TSDB_DESCRIBE_METRIC_TYPE_INDEX].bytes));
     tableDes->cols[count].length = *((int *)row[TSDB_DESCRIBE_METRIC_LENGTH_INDEX]);
     strncpy(tableDes->cols[count].note, (char *)row[TSDB_DESCRIBE_METRIC_NOTE_INDEX],
             fields[TSDB_DESCRIBE_METRIC_NOTE_INDEX].bytes);
@@ -1575,7 +1577,7 @@ int taosDumpDb(SDbInfo *dbInfo, struct arguments *arguments, FILE *fp, TAOS *tao
     tstrncpy(tableRecord.name, (char *)row[TSDB_SHOW_TABLES_NAME_INDEX],
             fields[TSDB_SHOW_TABLES_NAME_INDEX].bytes);
     tstrncpy(tableRecord.metric, (char *)row[TSDB_SHOW_TABLES_METRIC_INDEX],
-            fields[TSDB_SHOW_TABLES_METRIC_INDEX].bytes);
+            min(TSDB_TABLE_NAME_LEN, fields[TSDB_SHOW_TABLES_METRIC_INDEX].bytes));
 
     taosWrite(fd, &tableRecord, sizeof(STableRecord));
 

diff --git a/src/tfs/src/tfs.c b/src/tfs/src/tfs.c
@@ -480,11 +480,13 @@ static int tfsFormatDir(char *idir, char *odir) {
     return -1;
   }
 
-  if (realpath(wep.we_wordv[0], odir) == NULL) {
+  char tmp[PATH_MAX] = {0};
+  if (realpath(wep.we_wordv[0], tmp) == NULL) {
     terrno = TAOS_SYSTEM_ERROR(errno);
     wordfree(&wep);
     return -1;
   }
+  strcpy(odir, tmp);
 
   wordfree(&wep);
   return 0;

diff --git a/src/util/src/tconfig.c b/src/util/src/tconfig.c
@@ -151,7 +151,7 @@ static bool taosReadDirectoryConfig(SGlobalCfg *cfg, char *input_value) {
 
       wordfree(&full_path);
 
-      char tmp[1025] = {0};
+      char tmp[PATH_MAX] = {0};
       if (realpath(option, tmp) != NULL) {
         strcpy(option, tmp);
       }