Details
-
Bug
-
Resolution: Done
-
Major - P3
-
None
-
2.0.7, 2.2.0
-
None
-
ALL
Description
When a log line is longer than 255 characters, RamLog::write() does a memcpy() from a string::c_str() without null-terminating the string buffer. I don't see any protection in the get functions (unless I'm missing something?), so we may get bad/bogus data (or even segv) when requesting the RamLog's contents.
https://github.com/mongodb/mongo/blob/master/src/mongo/util/ramlog.cpp#L51