Loading...

Undo Transition
Closed

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 1.4.0
Affects Version/s: 1.1.11
Component/s: libmongoc
Labels:
None

Confidence Status:
None

Backwards Compatibility:
Fully Compatible

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

mongoc_collection_find_indexes has special handling for two kinds of errors. If it encounters some other error, it returns a pointer to a freed mongoc_cursor_t. This sets up the caller for a use-after-free crash.

links to

https://github.com/mongodb/mongo-c-driver/pull/359

Assignee:: A. Jesse Jiryu Davis
Reporter:: A. Jesse Jiryu Davis
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Jul 27 2016 01:37:48 AM UTC
Updated:: Aug 10 2016 10:10:33 PM UTC
Resolved:: Jul 27 2016 08:11:49 AM UTC
Confidence Status Last Update:: 27/Jul/16 1:37 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates