[CDRIVER-2299] Write past end of buffer in bson_decimal128_to_string Created: 25/Sep/17 Updated: 28/Oct/23 Resolved: 27/Sep/17 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libbson |
| Affects Version/s: | 1.4.1 |
| Fix Version/s: | 1.9.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
When libbson translates to JSON the following decimal 128 data: 00110000001100000011000000110000001100000011000000110000001100000011000000110000001100000011000000110000111111111111111110000000 It should stringify it as: -1.036812917280316154812861194857272E-6015 Instead it stringifies it incorrectly as: -1.0368129172803161548128611948572720E-6015 The trailing zero is out of spec (there should only be 34 decimal digits, the "0" makes 35) and causes libbson to write a byte past the end of its fixed-size string buffer. This is low-impact: the byte past the end of a 43-byte buffer won't be used for anything by a compiler that word-aligns the following object. |
| Comments |
| Comment by Githook User [ 03/Oct/17 ] |
|
Author: {'email': 'jesse@mongodb.com', 'name': 'A. Jesse Jiryu Davis', 'username': 'ajdavis'}Message: |