[CDRIVER-1420] mongoc_collection_find_indexes can return freed memory Created: 27/Jul/16 Updated: 10/Aug/16 Resolved: 27/Jul/16 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | 1.1.11 |
| Fix Version/s: | 1.4.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Description |
|
mongoc_collection_find_indexes has special handling for two kinds of errors. If it encounters some other error, it returns a pointer to a freed mongoc_cursor_t. This sets up the caller for a use-after-free crash. |
| Comments |
| Comment by Githook User [ 27/Jul/16 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: |
| Comment by Githook User [ 27/Jul/16 ] |
|
Author: {u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}Message: |