[CDRIVER-45] unchecked malloc and realloc in gridfs_store_stream
Created: 17/Feb/11  Updated: 03/May/17  Resolved: 17/Feb/11

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Jim Meyering Assignee: Kyle Banker
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

latest in git


Issue Links:
Duplicate
is duplicated by CDRIVER-43 avoid NULL-deref (gridfs_store_stream... Closed

 Description   

In gridfs_store_stream, there are unchecked malloc and realloc calls.
If any of those fail with NULL, the following code will dereference NULL,
probably provoking a segfault:

    if ( to_write < gfs->chunk_len ) {
        if( gfs->pending_data ) {
            gfs->pending_data = (char *)realloc((void *)gfs->pending_data, gfs->pending_len + to_write);
            memcpy( gfs->pending_data + gfs->pending_len, data, length );
        } else if (to_write > 0) {
            gfs->pending_data = (char *)malloc(to_write);
            memcpy( gfs->pending_data, data, length );
        }
        gfs->pending_len += length;
    } else {

I didn't try to fix it because I suspect the function is incomplete.
Its return type is "bson", yet there is no return statement.



 Comments   
Comment by Kyle Banker [ 17/Feb/11 ]

Thanks, Jim!

Comment by auto [ 17/Feb/11 ]

Author: Kyle Banker (banker) <kylebanker@gmail.com>

Message: CDRIVER-45 check calls to malloc and realloc
https://github.com/mongodb/mongo-c-driver/commit/f7aacc269bf52d9a42210dc3dc11ca4b813573e0

Generated at Wed Feb 07 21:08:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.