<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:15:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-2598] Coverity analysis defect 43915: Out-of-bounds read</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-2598</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Out-of-bounds read from a buffer&lt;/p&gt;

&lt;p&gt;Defect 43915 (STATIC_C)&lt;br/&gt;
  Checker OVERRUN (subcategory read)&lt;br/&gt;
  File:  &lt;tt&gt;/src/bson/bson-timegm.c&lt;/tt&gt;&lt;br/&gt;
  Function &lt;tt&gt;timesub&lt;/tt&gt;&lt;br/&gt;
    /src/bson/bson-timegm.c, line: 349&lt;br/&gt;
    &lt;font color=&quot;red&quot;&gt;Checking &quot;i == 0L&quot; implies that &quot;i&quot; is 0 on the true branch.&lt;/font&gt; &lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                hit = ((i == 0 &amp;amp;&amp;amp; lp-&amp;gt;ls_corr &amp;gt; 0) ||&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;    /src/bson/bson-timegm.c, line: 349&lt;br/&gt;
    &lt;font color=&quot;red&quot;&gt;Underrunning array &quot;sp-&amp;gt;lsis&quot; at element index -1 (byte offset -16) using index &quot;i - 1L&quot; (which evaluates to -1).&lt;/font&gt; &lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                hit = ((i == 0 &amp;amp;&amp;amp; lp-&amp;gt;ls_corr &amp;gt; 0) ||&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
</description>
                <environment></environment>
        <key id="522634">CDRIVER-2598</key>
            <summary>Coverity analysis defect 43915: Out-of-bounds read</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13202">Works as Designed</resolution>
                                        <assignee username="jesse@mongodb.com">A. Jesse Jiryu Davis</assignee>
                                    <reporter username="xgen-internal-coverity">Coverity Collector User</reporter>
                        <labels>
                    </labels>
                <created>Thu, 5 Apr 2018 18:57:47 +0000</created>
                <updated>Fri, 27 Oct 2023 13:14:15 +0000</updated>
                            <resolved>Sun, 15 Apr 2018 20:23:15 +0000</resolved>
                                                    <fixVersion>1.10.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>0</watches>
                                                                                                                <comments>
                            <comment id="1864618" author="jesse" created="Sun, 15 Apr 2018 20:23:15 +0000"  >&lt;p&gt;In bson-timegm.c we&apos;ve vendored in some intricate clockwork to convert struct tm to a UNIX timestamp, which we use when parsing ISO 8601 datetimes from Javascript and converting them to BSON datetimes.&lt;/p&gt;

&lt;p&gt;Coverity has noticed that a particular routine, timesub, loops over an integer i, decrementing i with each loop, and it reads from a buffer at position i - 1, which seems like it could be equal to -1 in some scenarios. Coverity can&apos;t determine for certain whether this is a bug in our vendored code, and neither can I. What I can say for certain is that, due to how libbson uses timesub, i&apos;s starting position is always zero, so the loop in which i is used never actually executes.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htlp7z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>