[CDRIVER-2280] Out-of-bounds write in legacy insert Created: 13/Sep/17 Updated: 27/Oct/23 Resolved: 10/Jan/18 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.10.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Coverity Collector User | Assignee: | Roberto Sanchez |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Out-of-bounds write to a buffer Defect 102107 (STATIC_C)
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 744
File: /src/mongoc/mongoc-write-command-legacy.c
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 744
File: /src/mongoc/mongoc-write-command-legacy.c
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 744
File: /src/mongoc/mongoc-write-command-legacy.c
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 712
/src/mongoc/mongoc-write-command-legacy.c, line: 713
/src/mongoc/mongoc-write-command-legacy.c, line: 744
|
| Comments |
| Comment by Roberto Sanchez [ 08/Jan/18 ] |
|
jesse, I have started looking at this issue and I think that it is spurious. By my reading of the code, the two BSON_ASSERT statements at the top of the while loop appear to perform the necessary bounds checks. I suspect that coverity may not interpret those statements correctly, as the output in the initial ticket write up seems to imply that it only notices that the values are being accessed. In any event, the coverity site appears to be down so I don't I think can do anything with trying to resolve this unless there is another means by which I can run the coverity checks directly from the command line. |
| Comment by A. Jesse Jiryu Davis [ 13/Sep/17 ] |
|
Sounds good to me. |
| Comment by Hannes Magnusson [ 13/Sep/17 ] |
|
Not sure how number of documents in the current batch can be larger then the number of documents total. There are slight changes coming to that function as part of the 2.4 removal, I'd like to wait with fixing this until that is merged to see if it'll automatically be fixed then. |
| Comment by A. Jesse Jiryu Davis [ 13/Sep/17 ] |
|
Hannes this is in the new mongoc-write-command-legacy.c file. If possible, could you investigate? |