[CDRIVER-200] Memory scribble in 'bson_append' when level of nested objects exceeds 32 Created: 01/Mar/13 Updated: 19/Oct/16 Resolved: 05/Mar/13 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | 0.7.1 |
| Fix Version/s: | 0.8.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | James Bird | Assignee: | Gary Murakami |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Environment: | All |
| Backwards Compatibility: | Major Change |
| Description |
|
The 'bson' structure currently has a hard-coded internal 'stack' of 32 elements. Overflow of this stack is not checked, and happens when you exceed 32 nested objects / arrays with bson_append_start_object / bson_append_start_array. This is obviously by design, so I'm not sure how well this will be received, but I have implemented a patch (I'll attach a pull request later) in which this fixed-size stack is replaced with a dynamically resized stack. When resized, the stack is incremented by 32, so the additional cost for existing code is 1 malloc when the first object is appended, and 1 free when the structure is free'd. I've also added an additional unit test for deep nesting of bson objects, and verified this patch by running it through all tests with valgrind. |
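
The failure mode and the fix described above, as an added example that is not the driver's code or the code from the pull request. The struct and function names are hypothetical stand-ins; the "before" builder keeps its 32 slots and one neighbouring slot in a single array so the 33rd write can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

#define STACK_STEP 32                     /* size and growth step given in the report */
#define SENTINEL   ((size_t)0xA5A5A5A5u)  /* constructed marker for the neighbour slot */

/* "Before" (hypothetical model): 32 stack slots, then one slot standing in
 * for whatever field follows the stack inside the real structure. */
typedef struct { size_t mem[STACK_STEP + 1]; int depth; } fixed_builder;
/* "After" (hypothetical model): heap stack grown in steps of STACK_STEP. */
typedef struct { size_t *stack; int cap; int depth; } dyn_builder;

/* Unchecked push: depth is never compared against 32. */
static void fixed_start_object(fixed_builder *b, size_t pos) { b->mem[b->depth++] = pos; }

/* Checked push: grow before writing, fail cleanly if allocation fails. */
static int dyn_start_object(dyn_builder *b, size_t pos) {
    if (b->depth == b->cap) {
        size_t *p = realloc(b->stack, (size_t)(b->cap + STACK_STEP) * sizeof *p);
        if (p == NULL) return -1;         /* the old stack is still valid */
        b->stack = p; b->cap += STACK_STEP;
    }
    b->stack[b->depth++] = pos;
    return 0;
}

/* Nest n levels (capped at 33) in the fixed builder; 1 if the neighbour was overwritten. */
int fixed_neighbour_clobbered(int n) {
    fixed_builder b = { {0}, 0 };
    b.mem[STACK_STEP] = SENTINEL;
    for (int i = 0; i < n && i <= STACK_STEP; i++)
        fixed_start_object(&b, (size_t)i + 1);
    return b.mem[STACK_STEP] != SENTINEL;
}

/* Nest n levels in the dynamic builder; final capacity, or -1 on allocation failure. */
int dyn_capacity_after(int n) {
    dyn_builder b = { NULL, 0, 0 };
    for (int i = 0; i < n; i++)
        if (dyn_start_object(&b, (size_t)i) != 0) { free(b.stack); return -1; }
    free(b.stack);
    return b.cap;
}

int main(void) {
    printf("fixed, 33 levels: neighbour clobbered = %d\n", fixed_neighbour_clobbered(33));
    printf("dynamic, 33 levels: capacity = %d\n", dyn_capacity_after(33));
    return 0;
}
```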
| Comments |
| Comment by Gary Murakami [ 05/Mar/13 ] |
|
James, thanks a lot for your quick response to my suggestions and for an efficient working solution. |
| Comment by auto [ 02/Mar/13 ] |
|
Author: gjmurakami-10gen <gary.murakami@10gen.com> Date: 2013-03-02T19:45:13Z Message: Merge pull request #84 from jbrd/master
|
| Comment by auto [ 02/Mar/13 ] |
|
Author: James Bird <jsb@dneg.com> Date: 2013-03-02T16:58:47Z Message: |
| Comment by auto [ 02/Mar/13 ] |
|
Author: James Bird <jsb@dneg.com> Date: 2013-03-01T12:15:52Z Message: |
| Comment by James Bird [ 01/Mar/13 ] |
|
Link to pull request: https://github.com/mongodb/mongo-c-driver/pull/84 |