[SERVER-7787] linenoise_utf8.cpp can read uninitialized memory, trigger Valgrind
Created: 28/Nov/12 | Updated: 11/Jul/16 | Resolved: 28/Nov/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | 2.2.3, 2.3.2 |
| Type: | Bug | Priority: | Trivial - P5 |
| Reporter: | Tad Marshall | Assignee: | Tad Marshall |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Participants: |
| Description |
|
The copyString32to8counted() routine reads a possible next 32-bit character from its input buffer before checking the count of characters. When called with a non-NUL-terminated string, this character may be uninitialized, triggering tools such as Valgrind to report a problem. The count is then checked and the character is ignored if the count indicates that the character is not part of the string to be read, so this is harmless except in edge cases (at page boundaries with the following page an unmapped virtual address). The code should check the count first. |
| Comments |
| Comment by auto [ 08/Jan/13 ] |
|
Author: Tad Marshall <tad@10gen.com> (2012-11-28T10:22:34Z) Message: Change the order of tests in copyString32to8counted() to check the count |
| Comment by auto [ 28/Nov/12 ] |
|
Author: Tad Marshall <tad@10gen.com> (2012-11-28T10:22:34Z) Message: Change the order of tests in copyString32to8counted() to check the count |
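
The read-before-check ordering from the description, next to the check-first ordering the commits describe, as an added example that is not the MongoDB source. The function names, the `TracedSource` wrapper and the ASCII-only narrowing (UTF-8 encoding omitted) are assumptions made for illustration; the wrapper records the highest index read so the one-past-the-end access is observable without real undefined behaviour.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed stand-in for the input buffer: records the highest index read,
// so an access past the counted length can be observed safely.
struct TracedSource {
    std::vector<char32_t> cells;   // counted characters plus one poison cell
    size_t highestRead = 0;
    char32_t at(size_t i) {
        if (i > highestRead) highestRead = i;
        return cells[i];
    }
};

// Order described in the report: fetch the next character, then test the count.
std::string copyReadFirst(TracedSource& src, size_t count) {
    std::string out;
    size_t i = 0;
    while (true) {
        char32_t c = src.at(i);           // read happens even when i == count
        if (i >= count || c == 0) break;  // value is ignored, but already fetched
        out.push_back(static_cast<char>(c));
        ++i;
    }
    return out;
}

// Order after the fix: test the count first, so cell [count] is never touched.
std::string copyCheckFirst(TracedSource& src, size_t count) {
    std::string out;
    for (size_t i = 0; i < count; ++i) {
        char32_t c = src.at(i);
        if (c == 0) break;
        out.push_back(static_cast<char>(c));
    }
    return out;
}

// Constructed sample: three characters with no NUL terminator, followed by a
// poison cell standing in for uninitialized or unmapped memory.
TracedSource makeSample() {
    TracedSource s;
    s.cells = {U'a', U'b', U'c', static_cast<char32_t>(0xDEADBEEFu)};
    return s;
}
```

Both orderings return the same string, which is why the defect only surfaces under tools such as Valgrind or at a page boundary; the difference is the extra read at index `count`.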