[CDRIVER-2569] Issues with empty binary value
Created: 25/Mar/18  Updated: 28/Oct/23  Resolved: 09/Jul/18

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.9.3
Fix Version/s: 1.12.0

Type: Bug
Priority: Major - P3
Reporter: Kevin Albertson
Assignee: Kevin Albertson
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-3340 Appending a bson_value_t containing a... Closed

 Description   

Trying to bson_append a binary value with NULL data asserts.

bson_t ex = BSON_INITIALIZER;
/* this asserts */
bson_append_binary (&ex, "a", 1, BSON_SUBTYPE_BINARY, NULL /* data */, 0);

The assertion occurs here.

I think an empty binary value should be valid. From bsonspec.org:

binary	::=	int32 subtype (byte*)

Additionally, it seems we can decode JSON with an empty binary value:

bson_t ex = BSON_INITIALIZER;
#define JSON(s) #s
char* json = JSON({"a": {"$binary": {"base64": "", "subType": "0"}}});
bson_init_from_json (&ex, json, strlen(json), NULL);

But we can get UBSAN errors when copying a bson_value_t of an empty binary value here:

memcpy (dst->value.v_binary.data,
        src->value.v_binary.data,
        dst->value.v_binary.data_len);
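
Added example, not part of the ticket or of the mongo-c-driver source: a self-contained C program showing that an empty binary still encodes to a well-formed element under `binary ::= int32 subtype (byte*)`, and a copy routine that never hands memcpy a NULL pointer (undefined behaviour in C even when the length is 0). `bin_value_t`, `bin_value_copy` and `encode_binary_doc` are hypothetical stand-ins, not libbson API.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the binary member of bson_value_t. */
typedef struct {
   uint8_t subtype;
   uint8_t *data; /* may be NULL only when data_len == 0 */
   uint32_t data_len;
} bin_value_t;

static void put_le32 (uint8_t *p, uint32_t v)
{
   p[0] = (uint8_t) v; p[1] = (uint8_t) (v >> 8); p[2] = (uint8_t) (v >> 16); p[3] = (uint8_t) (v >> 24);
}

/* Deep-copy src into dst; 0 on success, -1 on bad input or OOM (dst untouched).
 * memcpy is reached only with a non-NULL source and a non-zero length. */
int bin_value_copy (const bin_value_t *src, bin_value_t *dst)
{
   uint8_t *buf = NULL;
   if (!src || !dst || (!src->data && src->data_len > 0)) return -1;
   if (src->data_len > 0) {
      if (!(buf = malloc (src->data_len))) return -1;
      memcpy (buf, src->data, src->data_len);
   }
   dst->subtype = src->subtype;
   dst->data = buf; /* stays NULL for an empty binary */
   dst->data_len = src->data_len;
   return 0;
}

/* Encode {key: binary} as one BSON document into out (capacity cap, at most
 * INT32_MAX). Returns the number of bytes written, or 0 on error. */
size_t encode_binary_doc (const char *key, const bin_value_t *v, uint8_t *out, size_t cap)
{
   size_t klen, off = 4;
   if (!key || !v || !out || (!v->data && v->data_len > 0)) return 0;
   klen = strlen (key) + 1; /* key plus its NUL terminator */
   /* Fixed overhead: doc length(4) + type(1) + binary length(4) + subtype(1) + doc NUL(1) */
   if (cap < 11 || cap > (size_t) INT32_MAX || klen > cap - 11 || v->data_len > cap - 11 - klen) return 0;
   put_le32 (out, (uint32_t) (11 + klen + v->data_len));
   out[off++] = 0x05; /* BSON element type: binary */
   memcpy (out + off, key, klen); off += klen;
   put_le32 (out + off, v->data_len); off += 4; /* int32 payload length, may be 0 */
   out[off++] = v->subtype;
   if (v->data_len > 0) { memcpy (out + off, v->data, v->data_len); off += v->data_len; }
   out[off++] = 0x00; /* document terminator */
   return off;
}
```

For the document `{"a": <empty binary>}` the encoder emits 13 bytes, with an int32 length of 0 followed directly by the subtype byte.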



 Comments   
Comment by Githook User [ 09/Jul/18 ]

Author: Kevin Albertson (kevinAlbs) <kevin.albertson@10gen.com>

Message: CDRIVER-2569 fix ub with empty binary
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/3f9339663b556abcbeeeb616a7420283d794bb70

Comment by Kevin Albertson [ 26/Mar/18 ]

Let's do the following:

  • update the documentation to say that NULL is prohibited from bson_append_binary.
  • write a test verifying that passing a zero length uint8_t array still works (use malloc(0) instead of a zero length array)
  • fix bson_value_copy to avoid calling memcpy if the binary data is NULL

Comment by Kevin Albertson [ 25/Mar/18 ]

Ah yeah, this seems to work:

uint8_t arr[0];
bson_t ex = BSON_INITIALIZER;
bson_append_binary (&ex, "a", 1, BSON_SUBTYPE_BINARY, arr /* data */, 0);

Although I'm not sure if arr is guaranteed to be non-zero.

Comment by A. Jesse Jiryu Davis [ 25/Mar/18 ]

Is NULL prohibited but non-NULL with zero length allowed?
