Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-721

Crash destroying replset client after connection fails

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Blocker - P1 Blocker - P1
    • 1.2-beta1
    • Affects Version/s: 1.1.8
    • Component/s: libmongoc
    • Labels:
      None

      Connect mongoc_client_t with a replset URI containing no valid hosts:

      "mongodb://a,b/?replicaSet=foo"

      Do an operation that requires a connection, like mongoc_collection_find, then call mongoc_client_destroy. nodes_len is now the length of the seed list, but "nodes" itself is NULL because it was set to "bson_realloc (0)". Segfault here:

      https://github.com/mongodb/mongo-c-driver/blob/1.1.8/src/mongoc/mongoc-cluster.c#L576

      I introduced the bug in 1.1.8 while attempting to fix CDRIVER-695, here:

      https://github.com/mongodb/mongo-c-driver/commit/19d2da28257ea3ae24cf3f832d16487b5628314c#diff-f2707266016fd5d134ea334ccdd752e9L2207

            Assignee:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Reporter:
            jesse@mongodb.com A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: