Core Server / SERVER-1860

BufBuilder copy, assignment memory double-frees memory

    • Type: Bug
    • Resolution: Done
    • Priority: Minor - P4
    • 1.7.1
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • ALL

      This code issue is minor because it is not currently triggered by existing code.

      StringBuilder uses a BufBuilder (bson/util/builder.h) to manually manage a char buffer. The default copy constructor and operator= will shallow copy the data pointer, which will ultimately lead to freeing the memory multiple times. You can produce the issue with:
      {
          StringBuilder a;
          { StringBuilder b = a; }  // b d'tor frees b.data, which == a.data
          { StringBuilder c(a); }   // c d'tor frees a.data again
      }  // a d'tor frees a.data again

      Assignee: alerner Alberto Lerner
      Reporter: akatayls Matt Taylor
      Votes: 0
      Watchers: 2

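The shallow-copy pattern from the report, next to a copy-safe form, as an added example (not code from the MongoDB source or from the reporter). ShallowBuf, DeepBuf, the ledger and audit() are hypothetical names, and the replay goes one step beyond the report's snippet by also exercising operator=.

```cpp
#include <algorithm>
#include <cstdlib>
#include <map>

// Ledger standing in for the allocator: release() only counts, and the real
// free() is deferred to audit(), so a double free is observable but harmless.
enum { N = 16 };                       // fixed buffer size for this sketch
static std::map<char*, int> g_ledger;  // buffer -> number of release() calls
static char* acquire() {
    char* p = static_cast<char*>(std::calloc(N, 1));
    g_ledger[p] = 0; return p;
}
static void release(char* p) { ++g_ledger[p]; }

// Hypothetical stand-in for the reported pattern: an owning raw pointer with
// the compiler-generated (shallow) copy constructor and operator=.
struct ShallowBuf {
    char* data;
    ShallowBuf() : data(acquire()) {}
    ~ShallowBuf() { release(data); }
};

// Hardened form: every copy owns its own allocation.
struct DeepBuf {
    char* data;
    DeepBuf() : data(acquire()) {}
    DeepBuf(const DeepBuf& o) : data(acquire()) { std::copy(o.data, o.data + N, data); }
    // Copy-and-swap: the by-value parameter's destructor releases our old buffer.
    DeepBuf& operator=(DeepBuf o) { std::swap(data, o.data); return *this; }
    ~DeepBuf() { release(data); }
};

struct Audit { int max_releases; int leaked; };
// Replays the report's two copies plus one assignment, then frees each buffer once.
template <class Buf> Audit audit() {
    g_ledger.clear();
    {
        Buf a;
        { Buf b = a; }     // copy constructor
        { Buf c(a); }      // copy constructor
        { Buf d; d = a; }  // operator=
    }
    Audit r = {0, 0};
    for (const auto& e : g_ledger) {
        r.max_releases = std::max(r.max_releases, e.second);
        r.leaked += (e.second == 0);
        std::free(e.first);
    }
    return r;
}
```

A max_releases above 1 means the same allocation reached the destructor's free path more than once; the shallow assignment additionally leaks the buffer that d originally owned.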