[CDRIVER-200] Memory scribble in 'bson_append' when level of nested objects exceeds 32 Created: 01/Mar/13  Updated: 19/Oct/16  Resolved: 05/Mar/13

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 0.7.1
Fix Version/s: 0.8.1

Type: Bug Priority: Major - P3
Reporter: James Bird Assignee: Gary Murakami
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: All


Backwards Compatibility: Major Change

Description

The 'bson' structure currently has a hard-coded internal 'stack' of 32 elements. Overflow of this stack is not checked, and happens when you exceed 32 nested objects / arrays with bson_append_start_object / bson_append_start_array.

This is obviously by design, so I'm not sure how well this will be received, but I have implemented a patch (I'll attach a pull request later) in which this fixed-size stack is replaced with a dynamically resized stack. When resized, the stack is incremented by 32, so the additional cost for existing code is 1 malloc when the first object is appended, and 1 free when the structure is freed. I've also added an additional unit test for deep nesting of bson objects, and verified this patch by running it through all tests with valgrind.
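The fix the ticket and the later commits describe, as an added example rather than the driver's own code: a minimal nesting stack for a BSON-style writer that starts on a struct-local buffer (no malloc for shallow documents), checks capacity before every push, and doubles when the depth would exceed it. `writer_t`, its functions and the probe helper are assumed names, not identifiers from the driver.

```c
/* Added example, not the driver's own code: a BSON-style writer's nesting stack that
 * starts on a struct-local buffer and doubles on demand instead of overrunning it. */
#include <stdlib.h>
#include <string.h>
#define STACK_INITIAL 32

typedef struct {
    int inline_stack[STACK_INITIAL]; /* used until the first growth: no malloc */
    int *stack;                      /* == inline_stack or a heap buffer */
    int stack_size;                  /* capacity of stack */
    int depth;                       /* number of currently open objects */
} writer_t;

void writer_init(writer_t *w) {
    w->stack = w->inline_stack; w->stack_size = STACK_INITIAL; w->depth = 0;
}

/* Double the capacity; returns 0 on success, -1 if allocation fails. */
static int writer_grow_stack(writer_t *w) {
    int new_size = w->stack_size * 2, *p;
    if (w->stack == w->inline_stack) {      /* first growth: move to the heap */
        if (!(p = malloc((size_t)new_size * sizeof *p))) return -1;
        memcpy(p, w->inline_stack, sizeof w->inline_stack);
    } else if (!(p = realloc(w->stack, (size_t)new_size * sizeof *p))) {
        return -1;                          /* old buffer is still valid */
    }
    w->stack = p; w->stack_size = new_size;
    return 0;
}

/* Push the start offset of a nested object; the capacity check is the fix. */
int writer_start_object(writer_t *w, int start_offset) {
    if (w->depth == w->stack_size && writer_grow_stack(w) != 0) return -1;
    w->stack[w->depth++] = start_offset;
    return 0;
}
/* Pop and return the matching start offset, or -1 if nothing is open. */
int writer_finish_object(writer_t *w) {
    return w->depth > 0 ? w->stack[--w->depth] : -1;
}
void writer_destroy(writer_t *w) { if (w->stack != w->inline_stack) free(w->stack); }

/* Open `depth` nested objects, close them all; return final capacity or -1. */
int writer_nest_probe(int depth) {
    writer_t w; int i, size; writer_init(&w);
    for (i = 0; i < depth; i++)
        if (writer_start_object(&w, i * 10) != 0) { writer_destroy(&w); return -1; }
    for (i = depth - 1; i >= 0; i--)
        if (writer_finish_object(&w) != i * 10) { writer_destroy(&w); return -1; }
    size = w.depth == 0 ? w.stack_size : -1;
    writer_destroy(&w);
    return size;
}
```

Running the probe under valgrind, as the ticket does for the driver's tests, is the quickest way to confirm that the first growth copies the inline entries and that the heap buffer is released by `writer_destroy`.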



Comments
Comment by Gary Murakami [ 05/Mar/13 ]

James, thanks a lot for your quick response to my suggestions and for an efficient working solution.

Comment by auto [ 02/Mar/13 ]

Author: gjmurakami-10gen <gary.murakami@10gen.com> (2013-03-02T19:45:13Z)

Message: Merge pull request #84 from jbrd/master

CDRIVER-200 Memory scribble in 'bson_append' when level of nested objects exceeds 32
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/537363726e4b4ec287ce8e776fdffd831352b37c

Comment by auto [ 02/Mar/13 ]

Author: James Bird <jsb@dneg.com> (2013-03-02T16:58:47Z)

Message: CDRIVER-200 _bson_append_grow_stack now doubles stack size, initially uses struct-local fixed-sized stack to avoid initial malloc
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/b1ea6e7bb3f5c16a73b627e5c343cf9814890346

Comment by auto [ 02/Mar/13 ]

Author: James Bird <jsb@dneg.com> (2013-03-01T12:15:52Z)

Message: CDRIVER-200 Memory scribble in 'bson_append' when level of nested objects exceeds 32
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/62e25d485b4e8b71cb440a99d019511f3b12fa15

Comment by James Bird [ 01/Mar/13 ]

Link to pull request: https://github.com/mongodb/mongo-c-driver/pull/84
