C Driver
CDRIVER-3592

check new buffer allocated size just before reallocating

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Fix Version/s: 1.17.0-beta, 1.17.0

    Description

      One of the assertions at the start of _mongoc_buffer_append is as follows:

         BSON_ASSERT ((buffer->datalen + data_size) < INT_MAX);


      The check of (buffer->datalen + data_size) is in the wrong place. Logically, it ensures that the allocated size of the buffer (not the actual utilized storage within the allocation) can be increased without overflowing INT_MAX. This check is only needed just before a reallocation of the buffer into a larger memory area.

      The check in its current place, at the entry to the function, is incorrect because, upon entering the function after a reallocation of the buffer to a size of INT_MAX, the assertion will fail even when the actual buffer contents only occupy slightly more than INT_MAX/2.

      Other append functions near _mongoc_buffer_append contain the same logic defect.

      The correct behavior is for the assertion to occur immediately preceding the call to bson_next_power_of_two.
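      The following is an added example that models the defect described above; it is not the driver's code. It uses a small stand-alone buffer (`buf_t`, with the driver's `off` field left out) and a `limit` argument in place of INT_MAX so the scenario fits in a few dozen bytes; `next_power_of_two`, `append_check_at_entry`, `append_check_before_grow` and `run_scenario` are names chosen for this example. The first function keeps the check at function entry against the allocated size, the second moves it to the growth path immediately before the power-of-two rounding, and the scenario replays the report: a buffer grown to the limit while only a little over half of it is in use, followed by an append that needs no reallocation.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for mongoc_buffer_t (assumption: the driver's `off` field is
 * left out). `datalen` is the allocated size, `len` the bytes in use. */
typedef struct {
   uint8_t *data;
   size_t datalen; /* allocated bytes */
   size_t len;     /* used bytes */
} buf_t;

static void buf_init (buf_t *b, size_t datalen)
{
   b->data = malloc (datalen);
   assert (b->data);
   b->datalen = datalen;
   b->len = 0;
}

static void buf_free (buf_t *b)
{
   free (b->data);
   memset (b, 0, sizeof *b);
}

/* Stand-in for bson_next_power_of_two; assumes v > 0. */
static size_t next_power_of_two (size_t v)
{
   size_t p = 1;
   while (p < v) {
      p <<= 1;
   }
   return p;
}

/* Defective placement from the report: the limit (INT_MAX in the driver,
 * the `limit` argument here) is compared against the *allocated* size on
 * entry, before it is known whether this append reallocates at all.
 * Returns false where the driver's BSON_ASSERT would abort. */
static bool append_check_at_entry (buf_t *b, const uint8_t *data, size_t data_size, size_t limit)
{
   if (!(b->datalen + data_size < limit)) {
      return false;
   }
   size_t required = b->len + data_size;
   if (required > b->datalen) {
      b->datalen = next_power_of_two (required);
      b->data = realloc (b->data, b->datalen);
      assert (b->data);
   }
   memcpy (b->data + b->len, data, data_size);
   b->len += data_size;
   return true;
}

/* Corrected placement: compute the storage this append really needs and
 * apply the limit only on the path that grows the allocation, right before
 * next_power_of_two. The first test (added here) guards the size_t sum. */
static bool append_check_before_grow (buf_t *b, const uint8_t *data, size_t data_size, size_t limit)
{
   if (data_size > SIZE_MAX - b->len) {
      return false; /* len + data_size would wrap */
   }
   size_t required = b->len + data_size;
   if (required > b->datalen) {
      if (!(required < limit)) {
         return false;
      }
      b->datalen = next_power_of_two (required);
      b->data = realloc (b->data, b->datalen);
      assert (b->data);
   }
   memcpy (b->data + b->len, data, data_size);
   b->len += data_size;
   return true;
}

/* Replays the report's scenario with limit 64 in place of INT_MAX and
 * returns how many of the four appends succeeded. */
static int run_scenario (bool (*append) (buf_t *, const uint8_t *, size_t, size_t))
{
   const size_t limit = 64;
   uint8_t chunk[64];
   buf_t b;
   int ok = 0;
   memset (chunk, 'x', sizeof chunk);
   buf_init (&b, 32);
   ok += append (&b, chunk, 30, limit); /* 30 of 32 used, no growth */
   ok += append (&b, chunk, 5, limit);  /* 35 > 32: grows to 64, the limit */
   ok += append (&b, chunk, 1, limit);  /* 36 of 64 used, no growth needed,
                                           yet the entry check sees 64 + 1 */
   ok += append (&b, chunk, 40, limit); /* 76 would exceed the limit: fails */
   buf_free (&b);
   return ok;
}
```

      With the check at entry, the third append is refused although only 36 of 64 bytes are in use and no reallocation would happen; with the check on the growth path, that append succeeds and only the fourth, which genuinely needs more than `limit` bytes, is refused. The growth-path check is applied to `required` before rounding, so the rounded allocation can land on or above the limit; whether the driver also bounds the rounded value is not stated in this issue.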

          People

            roberto.sanchez@mongodb.com Roberto Sanchez
            roberto.sanchez@mongodb.com Roberto Sanchez