[CDRIVER-147] When calling API mongo_get_primary if mongo->primary has not been initialized results in memory overrun Created: 02/Jun/12  Updated: 19/Oct/16  Resolved: 03/Jun/12

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: TBD
Fix Version/s: 0.6

Type: Bug Priority: Major - P3
Reporter: Jose Sebastian Battig Assignee: Kyle Banker
Resolution: Done Votes: 0
Labels: driver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: Visual C++

Issue Links:
Duplicate
is duplicated by CDRIVER-152 When calling API mongo_get_primary if... Closed
Backwards Compatibility: Major Change

Description

The primary pointer is allocated here:

MONGO_EXPORT void mongo_replset_init( mongo *conn, const char *name ) {
    mongo_init( conn );

    conn->replset = bson_malloc( sizeof( mongo_replset ) );
    conn->replset->primary_connected = 0;
    conn->replset->seeds = NULL;
    conn->replset->hosts = NULL;
    conn->replset->name = ( char * )bson_malloc( strlen( name ) + 1 );
    memcpy( conn->replset->name, name, strlen( name ) + 1 );

    conn->primary = bson_malloc( sizeof( mongo_host_port ) );  /* allocated, but never initialized */
}

As you can see, the structure is not initialized in any shape or form.
If a call to mongo_get_primary is performed right after this, a fatal memory overrun will occur at the driver level and the only solution for this is shutting down the application using the driver and starting it again.

I solved the problem by adding the following code after the malloc of primary:

/* JSB */
conn->primary->host[0] = '\0';   /* empty host string marks the primary as not yet known */
conn->primary->next = NULL;

And changing the following function to be aware of a NULL value in the first char of the host array.

MONGO_EXPORT const char* mongo_get_primary(mongo* conn) {
    mongo* conn_ = (mongo*)conn;
    /* JSB */
    if (conn_->primary->host[0])            /* host set: return "host:port" */
        return get_host_port(conn->primary);
    else
        return NULL;                        /* primary not yet known */
}
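As an added, stand-alone C illustration (not the driver's code and not the reporter's patch), the following program shows the same pattern with the allocation zero-filled and the getter guarding both a NULL pointer and an empty host. The struct layout, the function names and the "host:port" formatting are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-ins for the driver's structs (assumption: modelled on the
 * legacy mongo-c-driver layout, reduced to what this example needs). */
typedef struct mongo_host_port {
    char host[255];
    int port;
    struct mongo_host_port *next;
} mongo_host_port;
typedef struct { mongo_host_port *primary; } mongo;

/* Hardened allocation: calloc zero-fills, so host[0] == '\0', port == 0 and
 * next == NULL from the start instead of whatever the heap last held. */
void replset_init_primary(mongo *conn) {
    conn->primary = calloc(1, sizeof(mongo_host_port));
    if (conn->primary == NULL) abort();
}

/* Bounded copy keeps host NUL-terminated even for an over-long name. */
void replset_set_primary(mongo *conn, const char *host, int port) {
    size_t cap = sizeof(conn->primary->host);
    strncpy(conn->primary->host, host, cap - 1);
    conn->primary->host[cap - 1] = '\0';
    conn->primary->port = port;
}

/* Returns "host:port", or NULL while no primary is known (static buffer: example simplification, not thread-safe). */
const char *mongo_get_primary(const mongo *conn) {
    static char buf[255 + 16];
    if (conn->primary == NULL || conn->primary->host[0] == '\0')
        return NULL;
    snprintf(buf, sizeof buf, "%s:%d", conn->primary->host, conn->primary->port);
    return buf;
}

void replset_free_primary(mongo *conn) {
    free(conn->primary);
    conn->primary = NULL; /* a dangling pointer would reopen the same bug */
}

int main(void) {
    mongo conn;
    replset_init_primary(&conn);
    printf("before: %s\n", mongo_get_primary(&conn) ? "set" : "NULL");
    replset_set_primary(&conn, "db1.example.test", 27017);
    printf("after:  %s\n", mongo_get_primary(&conn));
    replset_free_primary(&conn);
    return 0;
}
```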



Comments
Comment by auto [ 28/Jul/12 ]

Author: Gary Murakami <gary.murakami@10gen.com> (2012-07-27T21:20:24-07:00)

Message: CDRIVER-147 When calling API mongo_get_primary if mongo->primary has not been initialized results in memory overrun
fix as per comment from Asya - thanks!
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/226a3d2aa12f586f37f4dcd317a3c186f96976bc

Comment by Jose Sebastian Battig [ 24/Jun/12 ]

Asya's comments are correct. Actually, the version on Git right now is wrong.

Comment by auto [ 03/Jun/12 ]

Author: Kyle Banker (login: banker) <kylebanker@gmail.com>

Message: CDRIVER-147 initialize conn->primary in mongo_replset_init
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/b4de4ebb9803da1fd7feb5690c97262c0956da2e

Comment by Jose Sebastian Battig [ 02/Jun/12 ]

I set the priority of this report to Major because, when this bug becomes evident, the application which loaded the driver becomes unusable because of the memory overrun.
