[CDRIVER-152] When calling API mongo_get_primary if mongo->primary has not been initialized, results in memory overrun (REOPENING) Created: 24/Jun/12  Updated: 19/Oct/16  Resolved: 28/Jul/12

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: TBD
Fix Version/s: 0.6, 0.7

Type: Bug Priority: Major - P3
Reporter: Jose Sebastian Battig Assignee: Gary Murakami
Resolution: Duplicate Votes: 0
Labels: driver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Visual C++


Issue Links:
Duplicate
duplicates CDRIVER-147 When calling API mongo_get_primary if... Closed
Backwards Compatibility: Major Change

Description

The primary pointer is allocated here:

MONGO_EXPORT void mongo_replset_init( mongo *conn, const char *name ) {
    mongo_init( conn );

    conn->replset = bson_malloc( sizeof( mongo_replset ) );
    conn->replset->primary_connected = 0;
    conn->replset->seeds = NULL;
    conn->replset->hosts = NULL;
    conn->replset->name = ( char * )bson_malloc( strlen( name ) + 1 );
    memcpy( conn->replset->name, name, strlen( name ) + 1 );

    /* allocated but never initialized: host[] and next hold whatever bytes bson_malloc returned */
    conn->primary = bson_malloc( sizeof( mongo_host_port ) );
}

As you can see, the structure is not initialized in any shape or form.
If a call to mongo_get_primary is performed right after this, a fatal memory overrun occurs at the driver level, and the only remedy is to shut down the application using the driver and start it again.

I solved the problem by adding the following code after the malloc of primary:

/* JSB: mark the primary as unset until a real host:port has been recorded */
conn->primary->host[0] = '\0';
conn->primary->next = NULL;

And changing the following function to be aware of a NUL first character in the host array.

MONGO_EXPORT const char* mongo_get_primary( mongo *conn ) {
    /* JSB: an empty host[] means no primary has been recorded yet */
    if ( conn->primary->host[0] )
        return get_host_port( conn->primary );
    else
        return NULL;
}

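The report above boils down to three things: bson_malloc hands back a block whose host[] may have no terminating NUL anywhere inside it, a "%s"-style formatter then reads past the end of the struct, and the first attempted fix tested the address of host[] (always non-NULL for an array member) instead of its first byte. The following self-contained C model, added here as an example and not taken from the MongoDB C driver or from the reporter, reproduces each of those points with a constructed struct: the unsafe allocation beside a zero-initialising one, a getter that applies the reporter's host[0] check plus a guard for a connection whose primary was never allocated at all, and the mistaken pointer check. The names host_port, conn_t, replset_init_unsafe, replset_init_safe, set_primary, get_primary, format_host_port, primary_host_is_terminated and pointer_check_would_format, the 255-byte host buffer and the 'A' fill used to make the missing terminator deterministic are all assumptions of this example; the driver's real mongo and mongo_host_port types differ.

```c
/* Added example modelling CDRIVER-152; not driver code and not the reporter's.
 * All type and function names below are assumptions for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_MAX 255                  /* assumed fixed-size host buffer */

typedef struct host_port {
    char host[HOST_MAX + 1];
    int port;
    struct host_port *next;
} host_port;

typedef struct {
    host_port *primary;               /* NULL until a replica-set init runs */
} conn_t;

/* Mirrors the reported mongo_replset_init: allocate primary and leave it
 * uninitialised. malloc() returns whatever bytes were in the block; here the
 * block is filled with 'A' so the missing terminator is reproducible, whereas a
 * real heap block would hold unpredictable bytes (assumption of this demo). */
static void replset_init_unsafe(conn_t *conn) {
    conn->primary = malloc(sizeof(host_port));
    if (!conn->primary) abort();
    memset(conn->primary, 'A', sizeof(host_port));
}

/* Hardened form: zero the whole block, so host[0] == '\0', port == 0 and
 * next == NULL before any reader can observe the struct. */
static void replset_init_safe(conn_t *conn) {
    conn->primary = calloc(1, sizeof(host_port));
    if (!conn->primary) abort();
}

/* 1 if host[] holds a NUL within its bounds, else 0. A "%s" read of an
 * unterminated host[] runs off the end of the struct, which is the overrun. */
static int primary_host_is_terminated(const conn_t *conn) {
    return conn->primary != NULL &&
           memchr(conn->primary->host, '\0', sizeof conn->primary->host) != NULL;
}

/* Record a primary; over-long names are truncated rather than overflowing. */
static void set_primary(conn_t *conn, const char *host, int port) {
    snprintf(conn->primary->host, sizeof conn->primary->host, "%s", host);
    conn->primary->port = port;
}

/* "host:port" into a caller-owned buffer; 0 on success, -1 on any failure.
 * Refuses to format a host[] that has no terminator instead of reading past it. */
static int format_host_port(const host_port *hp, char *out, size_t outlen) {
    if (memchr(hp->host, '\0', sizeof hp->host) == NULL) return -1;
    int n = snprintf(out, outlen, "%s:%d", hp->host, hp->port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* The reporter's check (first byte of host[]), plus a guard for a connection
 * that never allocated primary at all. */
static int get_primary(const conn_t *conn, char *out, size_t outlen) {
    if (conn->primary == NULL || conn->primary->host[0] == '\0') return -1;
    return format_host_port(conn->primary, out, outlen);
}

/* The mistaken variant described in the re-open comment: testing the address
 * of host[] rather than its first byte. An array member always yields a
 * non-NULL pointer, so this never rejects an empty host. Returns 1 when the
 * check would go on to format. */
static int pointer_check_would_format(const conn_t *conn) {
    const char *h = conn->primary->host;
    return h != NULL;
}

int main(void) {
    char buf[HOST_MAX + 16];
    conn_t c;

    replset_init_unsafe(&c);
    printf("unsafe init: terminated=%d get_primary=%d\n",
           primary_host_is_terminated(&c), get_primary(&c, buf, sizeof buf));
    free(c.primary);

    replset_init_safe(&c);
    printf("safe init, no primary yet: get_primary=%d pointer_check=%d\n",
           get_primary(&c, buf, sizeof buf), pointer_check_would_format(&c));
    set_primary(&c, "db1.example.net", 27017);   /* constructed sample host */
    if (get_primary(&c, buf, sizeof buf) == 0) printf("primary: %s\n", buf);
    free(c.primary);
    return 0;
}
```

The calloc in replset_init_safe is the whole fix for the allocation side; the host[0] test in get_primary only works because something guarantees that byte is a NUL before the first read, which the original mongo_replset_init never did. The extra NULL guard on conn->primary is this example's own caution for connections that skip replica-set initialisation; whether the driver's own mongo_init leaves primary NULL in that path is not established by the report.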
Comments
Comment by Gary Murakami [ 28/Jul/12 ]

Fixed in CDRIVER-147 - When calling API mongo_get_primary if mongo->primary has not been initialized results in memory overrun
The commit probably should have been on this issue, but that's now history, and it is fixed thanks to Asya.

Comment by Jose Sebastian Battig [ 24/Jun/12 ]

I have re-opened this issue because the problem is indeed not solved.
The way the code was written, it checks the pointer to the string value, not the value of the first character of the string pointed to.

Generated at Wed Feb 07 21:08:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.