C Driver: CDRIVER-3592

check new buffer allocated size just before reallocating


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.17.0-beta, 1.17.0
    • Component/s: None
    • Labels: None

      Description

      One of the assertions at the start of _mongoc_buffer_append is as follows:

         BSON_ASSERT ((buffer->datalen + data_size) < INT_MAX);

      The check of (buffer->datalen + data_size) is in the wrong place. Logically, it ensures that the allocated size of the buffer (not the actual utilized storage within the allocation) can be increased without overflowing INT_MAX. This check is only needed just before a reallocation of the buffer into a larger memory area.

      The check in its current place at the entry to the function is incorrect because upon entering the function after a reallocation of the buffer to a size of INT_MAX the assertion will fail, even when the actual buffer contents only occupy slightly more than INT_MAX/2.

      Other append functions near _mongoc_buffer_append contain the same logic defect.

      The correct behavior is for the assertion to occur immediately preceding the call to bson_next_power_of_two.
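      The placement the report asks for, as an added illustration written for this page rather than the driver's own code: a reduced buffer that keeps the ticket's distinction between datalen (allocated) and len (used), and evaluates the INT_MAX condition only on the reallocation path. The type and function names (buf_t, plan_append, buf_append, demo_append, entry_check_passes) and the power-of-two helper are constructed here; mongoc_buffer_t and _mongoc_buffer_append have more fields and a different signature.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef enum { APPEND_FITS, APPEND_GROW, APPEND_TOO_LARGE } append_plan_t;
typedef struct { uint8_t *data; size_t datalen; size_t len; } buf_t; /* datalen = allocated, len = used */
/* The assertion's condition as it stood at function entry, kept for comparison. */
bool entry_check_passes (size_t datalen, size_t n) { return datalen + n < (size_t) INT_MAX; }

/* Decide what an append of n bytes needs without touching memory. The INT_MAX
 * check runs only on the grow path, just before the new size would be computed,
 * and is phrased so that the addition itself cannot overflow. */
append_plan_t plan_append (size_t datalen, size_t len, size_t n)
{
   if (len + n <= datalen)
      return APPEND_FITS; /* fits in the existing allocation: no size check */
   if (datalen >= (size_t) INT_MAX || n >= (size_t) INT_MAX - datalen)
      return APPEND_TOO_LARGE; /* the assertion's condition, in its proper place */
   return APPEND_GROW;
}

/* Constructed stand-in for bson_next_power_of_two. */
size_t next_power_of_two (size_t v) { size_t p = 1; while (p < v) p <<= 1; return p; }

/* Simplified append: reallocate only when needed, and check only when growing. */
bool buf_append (buf_t *b, const uint8_t *src, size_t n)
{
   append_plan_t plan = plan_append (b->datalen, b->len, n);
   if (plan == APPEND_TOO_LARGE) return false;
   if (plan == APPEND_GROW) {
      size_t want = next_power_of_two (b->len + n);
      uint8_t *p = realloc (b->data, want);
      if (!p) return false;
      b->data = p; b->datalen = want;
   }
   memcpy (b->data + b->len, src, n);
   b->len += n;
   return true;
}

/* Drive the real path on small constructed input; true when the contents match. */
bool demo_append (void)
{
   buf_t b = {NULL, 0, 0};
   bool ok = buf_append (&b, (const uint8_t *) "hello", 5) &&
             buf_append (&b, (const uint8_t *) "world", 5) &&
             b.len == 10 && b.datalen == 16 && memcmp (b.data, "helloworld", 10) == 0;
   free (b.data);
   return ok;
}
```

      With datalen at INT_MAX and len just over INT_MAX/2, the entry-time condition fails while plan_append reports that a one-byte append simply fits, which is the case the report describes.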

            People

            Assignee: Roberto Sanchez (roberto.sanchez)
            Reporter: Roberto Sanchez (roberto.sanchez)
            Votes: 0
            Watchers: 1