[CDRIVER-3592] check new buffer allocated size just before reallocating

Created: 25/Mar/20 | Updated: 28/Oct/23 | Resolved: 30/Mar/20

| Field | Value |
|---|---|
| Status | Closed |
| Project | C Driver |
| Component/s | None |
| Affects Version/s | None |
| Fix Version/s | 1.17.0-beta, 1.17.0 |
| Type | Bug |
| Priority | Major - P3 |
| Reporter | Roberto Sanchez |
| Assignee | Roberto Sanchez |
| Resolution | Fixed |
| Votes | 0 |
| Labels | None |
| Remaining Estimate | Not Specified |
| Time Spent | Not Specified |
| Original Estimate | Not Specified |

Description

One of the assertions at the start of _mongoc_buffer_append is as follows:

The check of (buffer->datalen + data_size) is in the wrong place. Logically, it ensures that the allocated size of the buffer (not the storage actually used within the allocation) can be increased without overflowing INT_MAX. This check is only needed immediately before the buffer is reallocated into a larger memory area. In its current place, at the entry to the function, the check is incorrect: once the buffer has been reallocated to a size of INT_MAX, the assertion fails on every subsequent entry to the function, even when the actual buffer contents occupy only slightly more than INT_MAX/2. Other append functions near _mongoc_buffer_append contain the same logic defect. The correct behavior is for the assertion to occur immediately before the call to bson_next_power_of_two.
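To make the placement problem concrete, the following is an added illustrative model, not the C driver's code (all names are hypothetical, and next_power_of_two is an own stand-in for bson_next_power_of_two): the guard at function entry rejects an append into an INT_MAX-sized allocation that still has room, while the guard placed just before the growth step accepts it and only rejects appends that would actually push the allocation past INT_MAX.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical model of the size logic the ticket describes; not the C
 * driver's code. len = bytes in use, datalen = bytes currently allocated. */
typedef enum { APPEND_FITS, APPEND_GROW, APPEND_REJECT } append_plan_t;

/* Own stand-in for bson_next_power_of_two; callers bound v first. */
size_t next_power_of_two (size_t v)
{
   size_t p = 1;
   while (p < v) {
      p <<= 1;
   }
   return p;
}

/* Size a grown buffer would get. Note that rounding can still land above
 * INT_MAX (2^30 + 1 rounds to 2^31); the guard below bounds only the sum. */
size_t grown_datalen (size_t datalen, size_t data_size)
{
   return next_power_of_two (datalen + data_size);
}

/* Defective placement: the INT_MAX guard on (datalen + data_size) runs on
 * entry, so once datalen has been grown to INT_MAX every append is rejected,
 * even when the bytes actually in use leave plenty of room. */
append_plan_t plan_append_entry_check (size_t len, size_t datalen, size_t data_size)
{
   if (datalen + data_size > (size_t) INT_MAX) {
      return APPEND_REJECT; /* fires even when no reallocation is needed */
   }
   if (len + data_size <= datalen) {
      return APPEND_FITS;
   }
   return APPEND_GROW; /* new datalen = grown_datalen (datalen, data_size) */
}

/* Corrected placement: first decide whether a reallocation is needed at all,
 * and only then guard the grown size, immediately before the rounding step. */
append_plan_t plan_append_late_check (size_t len, size_t datalen, size_t data_size)
{
   if (len + data_size <= datalen) {
      return APPEND_FITS; /* no reallocation, so the guard does not apply */
   }
   if (datalen + data_size > (size_t) INT_MAX) {
      return APPEND_REJECT; /* the ticket's check, in the place it belongs */
   }
   return APPEND_GROW; /* new datalen = grown_datalen (datalen, data_size) */
}
```

The scenario from the ticket is a buffer with datalen == INT_MAX and len just above INT_MAX/2: the entry-check variant rejects a small append, the late-check variant reports that it fits.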
Comments

Comment by Githook User [ 30/Mar/20 ]

Author: {'name': 'Roberto C. Sánchez', 'email': 'roberto@connexer.com', 'username': 'rcsanchez97'}
Message: