[SERVER-7787] linenoise_utf8.cpp can read uninitialized memory, trigger Valgrind Created: 28/Nov/12  Updated: 11/Jul/16  Resolved: 28/Nov/12

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 2.2.3, 2.3.2

Type: Bug Priority: Trivial - P5
Reporter: Tad Marshall Assignee: Tad Marshall
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

Description

The copyString32to8counted() routine reads a possible next 32-bit character from its input buffer before checking the count of characters. When called with a non-NUL-terminated string, this character may be uninitialized, triggering tools such as Valgrind to report a problem.

The count is then checked and the character is ignored if the count indicates that it is not part of the string to be read, so the extra read is harmless except in edge cases (when the buffer ends at a page boundary and the following page is an unmapped virtual address, the read faults).

The code should check the count first.
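The read-before-check ordering the description refers to is easy to reproduce in miniature. The following is an added illustration, not the linenoise_utf8.cpp code or the MongoDB fix: the function names, the `TrackedSource` wrapper and the sample input are all assumed for the example. The wrapper counts every access to the 32-bit input buffer and throws on any index at or past the initialized length, which stands in for the report Valgrind would produce on the real buffer. `copyCountedBuggy` fetches the next character before consulting the count, so on a non-NUL-terminated input of exactly `count` characters it touches index `count`; `copyCountedFixed` tests the count first and never does.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for the raw 32-bit input buffer (not MongoDB code).
// It counts reads and throws if code touches an index at or beyond the
// initialized length, the condition a tool like Valgrind would flag.
struct TrackedSource {
    std::vector<uint32_t> data;   // initialized characters only, no terminator
    mutable size_t reads = 0;
    uint32_t at(size_t i) const {
        ++reads;
        if (i >= data.size()) throw std::out_of_range("read past initialized input");
        return data[i];
    }
};

// Encode one UTF-32 code point as UTF-8 and append it to out.
static void appendUtf8(std::string& out, uint32_t c) {
    if (c < 0x80) {
        out.push_back(static_cast<char>(c));
    } else if (c < 0x800) {
        out.push_back(static_cast<char>(0xC0 | (c >> 6)));
        out.push_back(static_cast<char>(0x80 | (c & 0x3F)));
    } else if (c < 0x10000) {
        out.push_back(static_cast<char>(0xE0 | (c >> 12)));
        out.push_back(static_cast<char>(0x80 | ((c >> 6) & 0x3F)));
        out.push_back(static_cast<char>(0x80 | (c & 0x3F)));
    } else {
        out.push_back(static_cast<char>(0xF0 | (c >> 18)));
        out.push_back(static_cast<char>(0x80 | ((c >> 12) & 0x3F)));
        out.push_back(static_cast<char>(0x80 | ((c >> 6) & 0x3F)));
        out.push_back(static_cast<char>(0x80 | (c & 0x3F)));
    }
}

// Buggy ordering: fetch the next character first, then decide whether the
// count says it belongs to the string. When the input holds exactly `count`
// characters and no terminator, the read at index == count is the one the
// ticket describes.
std::string copyCountedBuggy(const TrackedSource& src, size_t count) {
    std::string out;
    size_t i = 0;
    for (;;) {
        uint32_t c = src.at(i);            // read happens before the check
        if (i >= count || c == 0) break;   // check comes too late
        appendUtf8(out, c);
        ++i;
    }
    return out;
}

// Fixed ordering: the count is checked before the buffer is touched.
std::string copyCountedFixed(const TrackedSource& src, size_t count) {
    std::string out;
    for (size_t i = 0; i < count; ++i) {   // count checked first
        uint32_t c = src.at(i);
        if (c == 0) break;                 // still stop at an embedded NUL
        appendUtf8(out, c);
    }
    return out;
}

// True if the copy routine tried to read beyond the initialized input.
template <class F>
bool readsPastInput(F copy, const TrackedSource& src, size_t count) {
    try {
        copy(src, count);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    // Constructed sample: "Hi " followed by U+4E16 and U+754C, no terminator.
    TrackedSource s{{0x48, 0x69, 0x20, 0x4E16, 0x754C}};
    std::cout << "buggy reads past input: " << readsPastInput(copyCountedBuggy, s, 5) << "\n";
    std::cout << "fixed reads past input: " << readsPastInput(copyCountedFixed, s, 5) << "\n";
    std::cout << "fixed output bytes: " << copyCountedFixed(s, 5).size() << "\n";
    return 0;
}
```

The fixed loop is also the cheaper one: it performs exactly `count` reads on a string with no embedded NUL, whereas the buggy loop always performs one extra.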



Comments
Comment by auto [ 08/Jan/13 ]

Author: Tad Marshall <tad@10gen.com>, 2012-11-28T10:22:34Z

Message: SERVER-7787 Do not read character before checking count

Change the order of tests in copyString32to8counted() to check the count
of input characters before reading a possibly uninitialized character.
Branch: v2.2
https://github.com/mongodb/mongo/commit/c814cb28686e5336f3cbc3753dc120cbfc43a854

Comment by auto [ 28/Nov/12 ]

Author: Tad Marshall <tad@10gen.com>, 2012-11-28T10:22:34Z

Message: SERVER-7787 Do not read character before checking count

Change the order of tests in copyString32to8counted() to check the count
of input characters before reading a possibly uninitialized character.
Branch: master
https://github.com/mongodb/mongo/commit/2557e9af57142f8334330c956bdcc8fb1cf481ab

Generated at Thu Feb 08 03:15:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.