C Driver
CDRIVER-2006

mongoc_gridfs_find_one_with_opts(): the error parameter is not initialized on failure

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 1.7.0
    • Affects Version/s: 1.5.3
    • Component/s: GridFS

      And yet again we have a situation when despite a failed status, the error parameter is not initialized. Now starring mongoc_gridfs_find_one_with_opts().

      I may be paranoid, but this lack of consistency is pretty serious. Adding to that, these types of errors can lead to anything from innocent garbage spills to security breaches to sporadic crashes, etc.

      As a counter-measure, I'd suggest users explicitly initialize error containers with something like BSON_ERROR_INITIALIZER. It won't solve the inconsistent reporting problem, but at least it will prevent adverse consequences of uninitialized values.

      The example:

      #include <mongoc.h>
      
      int main(void) {
      	mongoc_client_t *client;
      	mongoc_gridfs_t *gridfs;
      	mongoc_gridfs_file_t *file;
      
      	bson_t query = BSON_INITIALIZER;  /* empty filter: matches any file */
      	bson_error_t error;               /* deliberately not initialized, to expose the bug */
      
      	mongoc_init();
      
      	client = mongoc_client_new("mongodb://127.0.0.1");
      	BSON_ASSERT(client);
      	gridfs = mongoc_client_get_gridfs(client, "test-gridfs", NULL, &error);
      	BSON_ASSERT(gridfs);
      	BSON_ASSERT(mongoc_gridfs_drop(gridfs, &error)); /* Make sure GridFS is clean */
      
      	file = mongoc_gridfs_find_one_with_opts(gridfs, &query, NULL, &error); /* no files exist: returns NULL */
      	BSON_ASSERT(!file);                                                     /* ...but error is left untouched */
      	
      	printf("Domain: %u, code: %u, message: %s\n", error.domain, error.code, error.message);
      
      	bson_destroy(&query);
      	mongoc_gridfs_destroy(gridfs);
      	mongoc_client_destroy(client);
      	mongoc_cleanup();
      	return 0;
      }
      

      The output:

      $ ./a.out
      Domain: 1740548756, code: 0, message: PO�gQ
      

      Valgrind:

      ...
      ==759== Use of uninitialised value of size 8
      ==759==    at 0x53131EB: _itoa_word (in /usr/lib/libc-2.24.so)
      ==759==    by 0x5317909: vfprintf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x531E278: printf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x400B4A: main (libmongoc4.c:22)
      ==759==
      ==759== Conditional jump or move depends on uninitialised value(s)
      ==759==    at 0x53131F5: _itoa_word (in /usr/lib/libc-2.24.so)
      ==759==    by 0x5317909: vfprintf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x531E278: printf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x400B4A: main (libmongoc4.c:22)
      ==759==
      ==759== Conditional jump or move depends on uninitialised value(s)
      ==759==    at 0x5317A11: vfprintf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x531E278: printf (in /usr/lib/libc-2.24.so)
      ==759==    by 0x400B4A: main (libmongoc4.c:22)
      ...
      
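      Added example (not the reporter's code and not libmongoc's): a defensive wrapper that zeroes the error struct before every call and flags a failure that left it untouched, instead of printing whatever bytes happen to be there. err_t, ERR_INITIALIZER, the two lookup_* stand-ins and safe_lookup are constructed here to mirror the layout of bson_error_t; only the initialize-then-check pattern carries over to the real driver.

```c
/* Constructed stand-in for bson_error_t (same layout: domain, code, message[504]). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t domain; uint32_t code; char message[504]; } err_t;
/* Constructed equivalent of the BSON_ERROR_INITIALIZER the report asks for. */
#define ERR_INITIALIZER { 0, 0, "" }
typedef void *(*lookup_fn)(const char *key, err_t *error);

/* Models the reported bug: returns NULL (failure) without ever writing *error. */
static void *lookup_unset_on_failure(const char *key, err_t *error)
{
    (void) key; (void) error;
    return NULL;
}

/* Models a well-behaved API that fills *error on every failure path. */
static void *lookup_sets_error(const char *key, err_t *error)
{
    (void) key;
    error->domain = 12;
    error->code = 42;
    snprintf(error->message, sizeof error->message, "no such document");
    return NULL;
}

/* Zero the error before the call; if the call fails but left domain and code
 * at 0, substitute a known message rather than trusting stale bytes. */
static bool safe_lookup(lookup_fn fn, const char *key, void **out, err_t *error)
{
    memset(error, 0, sizeof *error);
    *out = fn(key, error);
    if (*out != NULL)
        return true;
    if (error->domain == 0 && error->code == 0)
        snprintf(error->message, sizeof error->message,
                 "call failed but set no error (library bug?)");
    return false;
}

int main(void)
{
    void *doc;
    err_t error = ERR_INITIALIZER;  /* safe even if safe_lookup is bypassed */
    safe_lookup(lookup_unset_on_failure, "k", &doc, &error);
    printf("domain=%u code=%u message=%s\n",
           (unsigned) error.domain, (unsigned) error.code, error.message);
    return 0;
}
```

      With libmongoc the same wrapper would take a bson_error_t and call mongoc_gridfs_find_one_with_opts() in place of the stand-in lookup.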

            Assignee: A. Jesse Jiryu Davis (jesse@mongodb.com)
            Reporter: Arseny Vakhrushev (neoxic)