<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:35:12 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-895] bsonrw.valueReader does not verify length of string before slice for CodeWithScope</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-895</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;Within the &lt;tt&gt;ReadCodeWithScope&lt;/tt&gt; method of &lt;tt&gt;bsonrw.valueReader&lt;/tt&gt; we don&apos;t check the length of &lt;tt&gt;strBytes&lt;/tt&gt; before attempting to remove the null byte. This can cause a panic if the BSON is invalid and &lt;tt&gt;strLength&lt;/tt&gt; is 0.&lt;/p&gt;

&lt;p&gt;To fix this we need to check the length of &lt;tt&gt;strBytes&lt;/tt&gt; and if it&apos;s 0 we need to return an error because the BSON is invalid.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Thanks to&#160;&lt;a href=&quot;https://twitter.com/dgryski&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;@dgryski&lt;/a&gt; for raising this.&lt;/p&gt;</description>
                <environment></environment>
        <key id="720900">GODRIVER-895</key>
            <summary>bsonrw.valueReader does not verify length of string before slice for CodeWithScope</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="isabella.siu@mongodb.com">Isabella Siu</assignee>
                                    <reporter username="kris.brandow@mongodb.com">Kristofer Brandow</reporter>
                        <labels>
                    </labels>
                <created>Thu, 21 Mar 2019 23:44:52 +0000</created>
                <updated>Sat, 28 Oct 2023 11:39:02 +0000</updated>
                            <resolved>Fri, 21 Feb 2020 16:09:46 +0000</resolved>
                                    <version>1.0.0</version>
                                    <fixVersion>1.3.1</fixVersion>
                                    <component>BSON</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="2889880" author="xgen-internal-githook" created="Fri, 21 Feb 2020 22:37:47 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;iwysiu&apos;, &apos;username&apos;: &apos;iwysiu&apos;, &apos;email&apos;: &apos;isabella.siu@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-895&quot; title=&quot;bsonrw.valueReader does not verify length of string before slice for CodeWithScope&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-895&quot;&gt;&lt;del&gt;GODRIVER-895&lt;/del&gt;&lt;/a&gt; check if strLength is 0 in ReadCodeWithScope (#311)&lt;br/&gt;
Branch: release/1.3&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/98345d4df1d99c616bddd5e228b0bf11d9f2811f&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/98345d4df1d99c616bddd5e228b0bf11d9f2811f&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2888791" author="xgen-internal-githook" created="Fri, 21 Feb 2020 16:08:38 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;iwysiu&apos;, &apos;username&apos;: &apos;iwysiu&apos;, &apos;email&apos;: &apos;isabella.siu@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-895&quot; title=&quot;bsonrw.valueReader does not verify length of string before slice for CodeWithScope&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-895&quot;&gt;&lt;del&gt;GODRIVER-895&lt;/del&gt;&lt;/a&gt; check if strLength is 0 in ReadCodeWithScope (#311)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/0d3123c45e386a6de8f2443ab0d981b685e54e56&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/0d3123c45e386a6de8f2443ab0d981b685e54e56&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr8bav:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>