[MONGOCRYPT-554] _fle2_finalize is missing calls to bson_destroy in an error case / double-initializing bson_t Created: 09/Mar/23 Updated: 28/Oct/23 Resolved: 14/Mar/23 |
|
| Status: | Closed |
| Project: | Libmongocrypt |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.7.3 |
| Type: | Bug | Priority: | Unknown |
| Reporter: | Zachary Espiritu | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Binding Changes: | Not Needed |
| Description |
|
In _fle2_finalize in mongocrypt-ctx-encrypt.c, there are two potential memory leak errors that occur:
— To reproduce, use
|
| Comments |
| Comment by Githook User [ 20/Mar/23 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message:
`bson_copy_to` initializes the destination |
| Comment by Githook User [ 14/Mar/23 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message:
`bson_copy_to` initializes the destination |
| Comment by Githook User [ 14/Mar/23 ] |
|
Author: {'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}Message:
`bson_copy_to` initializes the destination |
| Comment by Kevin Albertson [ 14/Mar/23 ] |
|
Thank you for the report.
Good catch. The error path does not appear to be exercised by tests.
Was this discovered by building the C driver with -DBSON_MEMCHECK? If yes, the C driver (and libmongocrypt) no longer test building with -DBSON_MEMCHECK. Testing with BSON_MEMCHECK was removed in this commit. Documented use of BSON_MEMCHECK was removed in this commit. We do not intend to the check with BSON_MEMCHECK. BSON_MEMCHECK added development difficulty (breaking ABI of bson_t) and rarely discovered legitimate leaks. |