[CDRIVER-2299] Write past end of buffer in bson_decimal128_to_string
Created: 25/Sep/17  Updated: 28/Oct/23  Resolved: 27/Sep/17

Status: Closed
Project: C Driver
Component/s: libbson
Affects Version/s: 1.4.1
Fix Version/s: 1.9.0

Type: Bug
Priority: Minor - P4
Reporter: A. Jesse Jiryu Davis
Assignee: A. Jesse Jiryu Davis
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-1145 Implement Decimal 128 type spec Closed

 Description   

When libbson translates to JSON the following decimal 128 data:

00110000001100000011000000110000001100000011000000110000001100000011000000110000001100000011000000110000111111111111111110000000

It should stringify it as:

-1.036812917280316154812861194857272E-6015

Instead it stringifies it incorrectly as:

-1.0368129172803161548128611948572720E-6015

The trailing zero is out of spec (there should only be 34 decimal digits, the "0" makes 35) and causes libbson to write a byte past the end of its fixed-size string buffer.

This is low-impact: the byte past the end of a 43-byte buffer won't be used for anything by a compiler that word-aligns the following object.
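
As an added illustration, not part of the original report and not libbson's code: the C program below decodes the bit pattern above and counts the bytes a scientific-notation string needs when every significand digit is emitted, against the 43-byte buffer. It assumes the 16 bytes are listed in little-endian order and uses the IEEE 754 decimal128 binary-integer layout; `struct d128`, `decode` and `sci_bytes_needed` are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 43 /* fixed string buffer size stated in the report */
/* Bit pattern copied from the report; read as 16 little-endian bytes (assumption). */
static const char REPORT_BITS[] =
    "00110000001100000011000000110000001100000011000000110000001100000011000000110000001100000011000000110000111111111111111110000000";
struct d128 { int negative, exponent, digits; };

/* Split 128 '0'/'1' characters into sign, exponent and significand digit count. */
static int decode(const char *bits, struct d128 *d) {
    uint64_t hi = 0, lo = 0;
    if (strlen(bits) != 128 || strspn(bits, "01") != 128) return -1;
    for (int i = 0; i < 128; i++) { /* byte i/8 of the text is byte i/8 of the value */
        uint64_t bit = (uint64_t)(bits[i] - '0') << (8 * (i / 8 % 8) + 7 - i % 8);
        if (i < 64) lo |= bit; else hi |= bit;
    }
    if (((hi >> 61) & 3) == 3) return -1; /* NaN, infinity, alternate form: not handled */
    d->negative = (int)(hi >> 63);
    d->exponent = (int)((hi >> 49) & 0x3FFF) - 6176; /* remove the exponent bias */
    hi &= (UINT64_C(1) << 49) - 1; /* top 49 bits of the 113-bit significand */
    uint32_t limb[4] = {(uint32_t)(hi >> 32), (uint32_t)hi,
                        (uint32_t)(lo >> 32), (uint32_t)lo};
    for (d->digits = 0; limb[0] | limb[1] | limb[2] | limb[3]; d->digits++) {
        uint64_t rem = 0; /* one long division of the significand by 10 */
        for (int i = 0; i < 4; i++) {
            rem = (rem << 32) | limb[i];
            limb[i] = (uint32_t)(rem / 10);
            rem %= 10;
        }
    }
    if (d->digits == 0) d->digits = 1; /* zero still prints one digit */
    return 0;
}

/* Bytes for "[-]d.ddd...E-xxxx" plus the NUL when every digit is emitted. */
static int sci_bytes_needed(const struct d128 *d) {
    int sci = d->exponent + d->digits - 1, exp_len = 1;
    for (int e = sci < 0 ? -sci : sci; e >= 10; e /= 10) exp_len++;
    return d->negative + d->digits + (d->digits > 1) + 2 + exp_len + 1;
}

int main(void) {
    struct d128 d;
    if (decode(REPORT_BITS, &d) != 0) return 1;
    printf("digits=%d need=%d have=%d\n", d.digits, sci_bytes_needed(&d), BUF_SIZE);
    return 0;
}
```

A formatter can run the same length computation before writing and refuse or truncate when the result exceeds the buffer size.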



 Comments   
Comment by Githook User [ 03/Oct/17 ]

Author:

{'email': 'jesse@mongodb.com', 'name': 'A. Jesse Jiryu Davis', 'username': 'ajdavis'}

Message: CDRIVER-2299 fix bson_decimal128_to_string overflow
Branch: master
https://github.com/mongodb/libbson/commit/a7ad680180221511725e60b737e806cb6e84b8ad
