Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: WT12.0.0, 8.3.0-rc0
Affects Version/s: None
Component/s: Configuration
Labels:
None

Assigned Teams:

Storage Engines - Foundations
Sprint:
None
Story Points:
2

Config parser reads beyond the end of given config buffer.

In the __config_process_value, if the config item type is WT_CONFIG_ITEM_NUM, then the value is parsed by calling strtoll.
The strtoll call expects null-terminated string and won's stop reading until it encounters 0 or non-numeric character.

For example, the following code will trigger the bug:

const char *s = "val=1";
uint8_t cfg[5];
memcpy(cfg, s, strlen(s));
...
WT_CONFIG conf;
WT_CONFIG_ITEM key, value;
__wt_config_initn(session, &conf, cfg, sizeof(cfg));
__wt_config_next(&conf, &key, &value);

Solution:
Parse config string only up to the length limit as specified in the given WT_CONFIG_ITEM.

related to

WT-16401 Remove redundant allocation while parsing metadata

Closed

WT-16417 failed: s-outdated-fixmes on infrequent-checks [wiredtiger @ 0b006ae3]

Needs Scheduling

Assignee:: Alex Blekhman
Reporter:: Alex Blekhman
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Dec 31 2025 06:49:46 AM UTC
Updated:: Jan 08 2026 01:11:21 AM UTC
Resolved:: Jan 06 2026 04:29:38 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates