Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-3592

check new buffer allocated size just before reallocating

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.17.0-beta, 1.17.0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None

      One of the assertions at the start of _mongoc_buffer_append is as follows:

         BSON_ASSERT ((buffer->datalen + data_size) < INT_MAX);

      The check of (buffer->datalen + data_size) is in the wrong place. Logically, it ensures that the allocated size of the buffer (not the actual utilized storage within the allocation) can be increased without overflowing INT_MAX. This check is only needed just before a reallocation of the buffer into a larger memory area.

      The check in its current place at the entry to the function is incorrect because upon entering the function after a reallocation of the buffer to a size of INT_MAX the assertion will fail, even when the actual buffer contents only occupy slightly more than INT_MAX/2.

      Other append functions nearby to _mongoc_buffer_append contain the same logic defect.

      The correct behavior is for the assertion to occur immediately preceding the call to bson_next_power_of_two.

            Assignee:
            roberto.sanchez@mongodb.com Roberto Sanchez
            Reporter:
            roberto.sanchez@mongodb.com Roberto Sanchez
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: