Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None
Environment:
latest in git

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

In gridfs_store_stream, there are unchecked malloc and realloc calls.
if any of those fail with NULL, the following code will dereference NULL,
probably provoking a segfault:

if ( to_write < gfs->chunk_len ) {
if( gfs->pending_data )

{ gfs->pending_data = (char *)realloc((void *)gfs->pending_data, gfs->pending_len + to_write); memcpy( gfs->pending_data + gfs->pending_len, data, length ); }

else if (to_write > 0)

{ gfs->pending_data = (char *)malloc(to_write); memcpy( gfs->pending_data, data, length ); }

gfs->pending_len += length;
} else {

I didn't try to fix it because I suspect the function is incomplete.
Its return type is "bson", yet there is no return statement.

is duplicated by

CDRIVER-43 avoid NULL-deref (gridfs_store_stream_init API change)

Closed

Assignee:: Kyle Banker (Inactive)
Reporter:: Jim Meyering
Votes:: 0 Vote for this issue
Watchers:: 0 Start watching this issue

Created:: Feb 17 2011 04:54:20 PM UTC
Updated:: May 03 2017 10:14:27 PM UTC
Resolved:: Feb 17 2011 08:06:46 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates