[CDRIVER-3539] Callers of _mongoc_cluster_create_server_stream must check if the return is NULL Created: 12/Feb/20 Updated: 28/Oct/23 Resolved: 26/Jun/20 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | None |
| Fix Version/s: | 1.17.0-rc0, 1.17.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kevin Albertson | Assignee: | Andrew Witten (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Epic Link: | Implement a spec-compliant connection pool |
| Description |
|
The call to _mongoc_cluster_create_server_stream takes a mongoc_stream_t to a server and an integer ID to the server. On success, it returns a mongoc_server_stream_t which contains the passed mongoc_stream_t and a copy of a mongoc_server_description_t. On failure, it returns NULL. Many callers appear to assume it does not return NULL. It may fail if no server description is found for the server, which may happen during monitoring if the server description is removed by the rules of updating the topology description SDAM. This would likely cause a crash. |
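
The failure mode described above, as an added example that is not libmongoc code: a self-contained model in which the server description is removed before the stream wrapper is built, and the caller checks for NULL instead of dereferencing it. All types and function names here (`create_server_stream`, `checked_wire_version`, `topology_remove`) are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver's types; not libmongoc definitions. */
typedef struct { uint32_t id; int max_wire_version; } server_desc_t;
typedef struct { server_desc_t servers[4]; size_t n; } topology_t;
typedef struct { int fd; } stream_t;
typedef struct { stream_t *stream; server_desc_t sd; } server_stream_t;

/* Monitoring may remove a server description from the topology at any time. */
static void topology_remove(topology_t *t, uint32_t id) {
    for (size_t i = 0; i < t->n; i++)
        if (t->servers[i].id == id) { t->servers[i] = t->servers[--t->n]; return; }
}

/* Contract as described in the ticket: wrap the stream with a copy of the
 * server description, or return NULL when no description is found. */
static server_stream_t *create_server_stream(const topology_t *t, uint32_t id, stream_t *s) {
    for (size_t i = 0; i < t->n; i++) {
        if (t->servers[i].id != id) continue;
        server_stream_t *ss = malloc(sizeof *ss);
        if (ss) { ss->stream = s; ss->sd = t->servers[i]; }
        return ss;
    }
    return NULL; /* description not found, e.g. removed by monitoring */
}

/* Checked caller: returns the wire version, or -1 with a message in err. */
static int checked_wire_version(const topology_t *t, uint32_t id, stream_t *s,
                                char *err, size_t errlen) {
    server_stream_t *ss = create_server_stream(t, id, s);
    if (!ss) { /* an unchecked caller would dereference NULL just below */
        snprintf(err, errlen, "no server description for server %u", (unsigned) id);
        return -1;
    }
    int v = ss->sd.max_wire_version;
    free(ss);
    return v;
}

int main(void) {
    topology_t t = { .servers = { {1, 9}, {2, 8} }, .n = 2 }; /* constructed sample */
    stream_t s = { 3 };
    char err[64] = "";
    topology_remove(&t, 2); /* server 2 is dropped before the stream is built */
    printf("%d (%s)\n", checked_wire_version(&t, 2, &s, err, sizeof err), err);
    return 0;
}
```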
| Comments |
| Comment by Kevin Albertson [ 11/Jan/23 ] |
|
The fix in https://github.com/mongodb/mongo-c-driver/commit/fa186b7ec970be9e335ff5788c16457a5fa423a2 is faulty. The bson_destroy(reply) calls result in a double free. This bug has gone away in 1.19.0, since |
| Comment by Githook User [ 11/Jul/20 ] |
|
Author: {'name': 'Andrew Witten', 'email': 'andrew.witten@mongodb.com', 'username': 'awitten1'} Message: Adds null checks after calls to _mongoc_cluster_create_server_stream. |
| Comment by Githook User [ 26/Jun/20 ] |
|
Author: {'name': 'Andrew Witten', 'email': 'andrew.witten@mongodb.com', 'username': 'awitten1'} Message: Adds null checks after calls to _mongoc_cluster_create_server_stream. |
| Comment by Andrew Witten (Inactive) [ 25/Jun/20 ] |