Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-895

bsonrw.valueReader does not verify length of string before slice for CodeWithScope

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.3.1
    • Component/s: BSON
    • Labels:
      None

      Description

      Within the ReadCodeWithScope method of bsonrw.valueReader we don't check the length of strBytes before attempting to remove the null byte. This can cause a panic if the BSON is invalid and strLength is 0.

      To fix this we need to check the length of strBytes and if it's 0 we need to return an error because the BSON is invalid.

       

      Thanks to @dgryski for raising this.

        Attachments

          Activity

            People

            Assignee:
            isabella.siu Isabella Siu (Inactive)
            Reporter:
            kris.brandow Kristofer Brandow (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: