Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-2299

Write past end of buffer in bson_decimal128_to_string

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Minor - P4 Minor - P4
    • 1.9.0
    • Affects Version/s: 1.4.1
    • Component/s: libbson
    • Labels:
      None

      When libbson translates to JSON the following decimal 128 data:

      00110000001100000011000000110000001100000011000000110000001100000011000000110000001100000011000000110000111111111111111110000000

      It should stringify it as:

      -1.036812917280316154812861194857272E-6015

      Instead it stringifies it incorrectly as:

      -1.0368129172803161548128611948572720E-6015

      The trailing zero is out of spec (there should only be 34 decimal digits, the "0" makes 35) and causes libbson to write a byte past the end of its fixed-size string buffer.

      This is low-impact: the byte past the end of a 43-byte buffer won't be used for anything by a compiler that word-aligns the following object.

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: