[CDRIVER-1228] BCON_NEW segfault with 3 items in list Created: 09/May/16  Updated: 03/May/17  Resolved: 25/May/16

Status: Closed
Project: C Driver
Component/s: libbson
Affects Version/s: 1.3.3
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Dan Bauman Assignee: A. Jesse Jiryu Davis
Resolution: Done Votes: 0
Labels: crash
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: RHEL7



Description

    bson_t * query;
    query = BCON_NEW ("$and", "[",
                      "{", "a", BCON_INT32 (1), "}",
                      "{", "b", "{", "$gte", BCON_INT32 (1), "}", "}",
                      "{", "b", "{", "$lt", BCON_INT32 (3), "}", "}",
                      "]");
    //prove it looks right
    size_t *s;
    const char * as_json;
    as_json = bson_as_json (query, s);

crashes on bson_as_json call.

Comment out any single one of the 3 documents in the $and list and it works fine.



Comments
Comment by A. Jesse Jiryu Davis [ 25/May/16 ]

Dan, I think this is because you're passing an uninitialized pointer-to-nowhere as the second parameter. You need:

size_t s;
as_json = bson_as_json (query, &s);

Or, since you're not using the size:

as_json = bson_as_json (query, NULL);

The fact that it happens to crash with some configurations and not others is irksome but expected: your program's behavior is "undefined" according to the C standard.
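The two accepted call forms from the comment above (address of a real size_t, or NULL), as an added example that is not part of this ticket or of libbson. fake_as_json is a stand-in assumed for this example so it builds without libbson; it copies bson_as_json's contract (heap string the caller frees, length written only through a non-NULL pointer).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for bson_as_json(): returns a heap-allocated string
 * the caller must free, and writes its length through `length` only
 * when `length` is non-NULL. Not libbson code. */
static char *
fake_as_json (const char *doc, size_t *length)
{
   size_t n = strlen (doc);
   char *copy = malloc (n + 1);
   if (!copy) {
      return NULL;
   }
   memcpy (copy, doc, n + 1);
   if (length) { /* NULL is allowed: caller does not want the length */
      *length = n;
   }
   return copy;
}

/* Correct form 1: pass the ADDRESS of a local size_t so the callee has
 * real storage to write into (the ticket passed an uninitialized size_t*
 * instead, which is undefined behavior). Returns the reported length. */
size_t
json_len_with_out_param (const char *doc)
{
   size_t len = 0;
   char *json = fake_as_json (doc, &len);
   if (!json) {
      return 0;
   }
   free (json);
   return len;
}

/* Correct form 2: pass NULL when the length is not needed.
 * Returns 1 when the conversion succeeded and matched the input. */
int
json_ok_without_length (const char *doc)
{
   char *json = fake_as_json (doc, NULL);
   if (!json) {
      return 0;
   }
   int ok = strcmp (json, doc) == 0;
   free (json);
   return ok;
}
```

Building the original test.c with -Wall -Wuninitialized, or running it under Valgrind or MemorySanitizer, reports the uninitialized `s` before the crash does.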

Comment by Dan Bauman [ 09/May/16 ]

that was ugly

test.c

#include <bson.h>
#include <bcon.h>
#include <stdio.h>

int
main (int   argc,
      char *argv[])
{
    bson_t * query;
    query = BCON_NEW ("$and", "[",
                      "{", "a", BCON_INT32 (1), "}",
                      "{", "b", "{", "$gte", BCON_INT32 (1), "}", "}",
                      "{", "b", "{", "$lt", BCON_INT32 (3), "}", "}",
                      "]");
    //prove it looks right
    size_t *s;                           /* uninitialized pointer: the bug discussed in this ticket */
    const char * as_json;
    as_json = bson_as_json (query, s);   /* writes the length through a garbage address */
    printf ("%s\n", as_json);
    bson_free ((void *) as_json);
    bson_destroy (query);
    return 0;
}

Generated at Wed Feb 07 21:11:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.