[CDRIVER-1163] Segmentation fault when mongoc_read_concern_destroy() Created: 18/Mar/16 Updated: 03/May/17 Resolved: 20/Mar/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.3.3, 1.3.4 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Peng Xie | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | Bug, crash, driver | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Gentoo Linux X86_64 |
||
| Description |
|
Sometimes mongoc_read_concern_destroy() triggers a segmentation fault: mongoc_cursor_t *cursor = mongoc_collection_find(...); mongoc_cursor_destroy() calls mongoc_read_concern_destroy(), and the later crashes at bson_free (read_concern->level) |
| Comments |
| Comment by A. Jesse Jiryu Davis [ 20/Mar/16 ] | ||||||||||
|
Thanks for letting us know! | ||||||||||
| Comment by Peng Xie [ 19/Mar/16 ] | ||||||||||
|
It must be my fault. I found a bson_t object reused after bson_destroy(), and another one never be destroyed in my code. These misbehaviors hurt the memory allocator. After correction, no more segmentation fault is perceptible. Sorry to bother you. | ||||||||||
| Comment by Peng Xie [ 18/Mar/16 ] | ||||||||||
|