The program at https://github.com/p-mongo/tests/blob/master/lmc-empty-bson/test-handle-not-inited.c calls mongocrypt_new and then, without calling mongocrypt_init, it calls mongocrypt_ctx_new and mongocrypt_ctx_decrypt_init. This results in a segfault on my system:

speed% ./test-handle-not-inited
zsh: segmentation fault ./test-handle-not-inited

For the reasons described in https://jira.mongodb.org/browse/MONGOCRYPT-241, a segfault inside libmongocrypt makes the underlying error difficult to debug (even when the error originates in a libmongocrypt consumer rather than in libmongocrypt itself), and it can potentially be turned into a denial of service (DoS) against the application that loaded the library.
I believe libmongocrypt should be performing more runtime checks on its data structures, such that it can fail with ordinary errors in cases of misuse rather than cause termination of the process into which it is loaded.
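The following is an added illustration of the runtime-check pattern the report asks for; it is not libmongocrypt's code and all names in it (toy_crypt_t, toy_crypt_new, toy_crypt_init, toy_ctx_new, toy_ctx_decrypt_init, TOY_STATE_*) are hypothetical. The handle carries an explicit lifecycle state that every entry point checks first, so the exact call sequence from the report (new, then ctx_new and decrypt_init without init) is rejected with a stored error message instead of dereferencing resources that were never set up.

```c
/* Added example (not libmongocrypt's code): a minimal handle API whose
 * entry points validate the handle's lifecycle state before touching any
 * resource, so API misuse produces an ordinary error rather than a crash.
 * All identifiers here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef enum {
    TOY_STATE_NEW = 1,     /* allocated by toy_crypt_new, not yet initialised */
    TOY_STATE_INITED = 2   /* toy_crypt_init succeeded; contexts may be created */
} toy_state_t;

typedef struct {
    toy_state_t state;     /* checked on every entry point */
    char error[128];       /* last error message, reported to the caller */
    unsigned char *key;    /* resource that only exists after init */
} toy_crypt_t;

typedef struct {
    toy_crypt_t *parent;
    int decrypt_ready;
} toy_ctx_t;

static void set_error(toy_crypt_t *c, const char *msg) {
    snprintf(c->error, sizeof c->error, "%s", msg);
}

toy_crypt_t *toy_crypt_new(void) {
    toy_crypt_t *c = calloc(1, sizeof *c);
    if (c) c->state = TOY_STATE_NEW;
    return c;
}

int toy_crypt_init(toy_crypt_t *c) {
    if (!c) return 0;
    if (c->state != TOY_STATE_NEW) { set_error(c, "init called twice"); return 0; }
    c->key = calloc(32, 1);   /* stands in for real key material / providers */
    if (!c->key) { set_error(c, "out of memory"); return 0; }
    c->state = TOY_STATE_INITED;
    return 1;
}

/* The misuse check: refuse to hand out a context for an uninitialised handle
 * instead of creating one that would later dereference c->key == NULL. */
toy_ctx_t *toy_ctx_new(toy_crypt_t *c) {
    if (!c) return NULL;
    if (c->state != TOY_STATE_INITED) {
        set_error(c, "cannot create context: handle not initialized (call init first)");
        return NULL;
    }
    toy_ctx_t *ctx = calloc(1, sizeof *ctx);
    if (ctx) ctx->parent = c;
    return ctx;
}

/* Tolerates a NULL ctx (the result of a failed toy_ctx_new) and re-checks the
 * parent's state, so a caller that ignored the earlier failure still gets an
 * error code rather than a segfault. */
int toy_ctx_decrypt_init(toy_ctx_t *ctx) {
    if (!ctx || !ctx->parent || ctx->parent->state != TOY_STATE_INITED) return 0;
    ctx->decrypt_ready = 1;
    return 1;
}

void toy_ctx_destroy(toy_ctx_t *ctx) { free(ctx); }
void toy_crypt_destroy(toy_crypt_t *c) { if (c) { free(c->key); free(c); } }

/* Replays the sequence from the report (new -> ctx_new -> decrypt_init with
 * no init). Returns 1 if the misuse was reported as an error, 0 otherwise. */
int misuse_is_reported(void) {
    toy_crypt_t *c = toy_crypt_new();
    if (!c) return 0;
    toy_ctx_t *ctx = toy_ctx_new(c);        /* expected to fail: not inited */
    int rc = toy_ctx_decrypt_init(ctx);     /* must survive ctx == NULL */
    int reported = (ctx == NULL) && (rc == 0) && (c->error[0] != '\0');
    if (reported) printf("misuse reported: %s\n", c->error);
    toy_ctx_destroy(ctx);
    toy_crypt_destroy(c);
    return reported;
}

/* The correct sequence, to show the checks do not get in the way of valid use. */
int correct_usage_works(void) {
    toy_crypt_t *c = toy_crypt_new();
    if (!c) return 0;
    int ok = toy_crypt_init(c);
    toy_ctx_t *ctx = ok ? toy_ctx_new(c) : NULL;
    int rc = toy_ctx_decrypt_init(ctx);
    int result = ok && ctx != NULL && rc == 1;
    toy_ctx_destroy(ctx);
    toy_crypt_destroy(c);
    return result;
}

int main(void) {
    printf("misuse reported as error: %s\n", misuse_is_reported() ? "yes" : "no");
    printf("correct usage works: %s\n", correct_usage_works() ? "yes" : "no");
    return 0;
}
```

The cost of the pattern is one integer compare per entry point; in exchange, a consumer that skips initialisation sees a clear, attributable error from the library instead of a crash whose origin has to be recovered from a core dump.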