<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:08:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[MONGOCRYPT-568] Undefined behavior in _mongocrypt_buffer_copy_from_data_and_size when len == 0u</title>
                <link>https://jira.mongodb.org/browse/MONGOCRYPT-568</link>
                <project id="17481" key="MONGOCRYPT">Libmongocrypt</project>
                    <description>&lt;p&gt;&lt;tt&gt;_mongocrypt_buffer_copy_from_data_and_size(buf, data, len)&lt;/tt&gt; permits &lt;tt&gt;len == 0u&lt;/tt&gt; as long as &lt;tt&gt;data != NULL&lt;/tt&gt;, such as in &lt;tt&gt;_mc_FLE2UnindexedEncryptedValueCommon_parse&lt;/tt&gt; when &lt;tt&gt;mc_reader_get_remaining_length&lt;/tt&gt; returns &lt;tt&gt;0u&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;Invoking bson_malloc(0u)&lt;/tt&gt;&#160;returns a &lt;tt&gt;NULL&lt;/tt&gt; pointer which is &lt;a href=&quot;https://github.com/mongodb/libmongocrypt/blob/1524eac203e4145e9f4835e519f1e4663ff15953/src/mongocrypt-buffer.c#L497&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;immediately passed to&lt;/a&gt; &lt;tt&gt;memcpy(s1, s2, n)&lt;/tt&gt; as &lt;tt&gt;s1&lt;/tt&gt;, which may trigger the following UBSAN error:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;./src/mongocrypt-buffer.c:498:12: runtime error: null pointer passed as argument 1, which is declared to never be null&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;/usr/include/string.h:44:28: note: nonnull attribute specified here&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ./src/mongocrypt-buffer.c:498:12 in&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;The undefined behavior is specified &lt;a href=&quot;https://port70.net/~nsz/c/c99/n1256.html#7.21.1p2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;as the following&lt;/a&gt;:&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;where in 7.1.4 it states:&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;If an argument to a function has an invalid value (such as &lt;span class=&quot;error&quot;&gt;&amp;#91;...&amp;#93;&lt;/span&gt; a null pointer &lt;span class=&quot;error&quot;&gt;&amp;#91;...&amp;#93;&lt;/span&gt;) the behavior is undefined.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;The specification for &lt;tt&gt;memcpy&lt;/tt&gt; does not explicitly state any exceptions, thus passing &lt;tt&gt;NULL&lt;/tt&gt; as &lt;tt&gt;s1&lt;/tt&gt; is considered UB.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2308915">MONGOCRYPT-568</key>
            <summary>Undefined behavior in _mongocrypt_buffer_copy_from_data_and_size when len == 0u</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="ezra.chung@mongodb.com">Ezra Chung</assignee>
                                    <reporter username="ezra.chung@mongodb.com">Ezra Chung</reporter>
                        <labels>
                    </labels>
                <created>Thu, 6 Apr 2023 17:07:46 +0000</created>
                <updated>Sat, 28 Oct 2023 10:25:59 +0000</updated>
                            <resolved>Thu, 6 Apr 2023 20:30:00 +0000</resolved>
                                                    <fixVersion>1.8.0</fixVersion>
                    <fixVersion>1.8.0-alpha1</fixVersion>
                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="5331149" author="xgen-internal-githook" created="Thu, 6 Apr 2023 20:29:50 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Ezra Chung&apos;, &apos;email&apos;: &apos;88335979+eramongodb@users.noreply.github.com&apos;, &apos;username&apos;: &apos;eramongodb&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/MONGOCRYPT-568&quot; title=&quot;Undefined behavior in _mongocrypt_buffer_copy_from_data_and_size when len == 0u&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MONGOCRYPT-568&quot;&gt;&lt;del&gt;MONGOCRYPT-568&lt;/del&gt;&lt;/a&gt; Avoid calling memcpy with NULL argument in _mongocrypt_buffer_copy_from_data_and_size (#613)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/commit/dc2c7e6433eb46f119e5079c788fda3e3f50a1dc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/libmongocrypt/commit/dc2c7e6433eb46f119e5079c788fda3e3f50a1dc&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5331148" author="mms-build@10gen.com" created="Thu, 6 Apr 2023 20:29:49 +0000"  >&lt;p&gt; &lt;a href=&quot;https://github.com/eramongodb&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;eramongodb&lt;/a&gt; merged a pull request (&lt;a href=&quot;https://github.com/mongodb/libmongocrypt/pull/613&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;MONGOCRYPT-568 Avoid calling memcpy with NULL argument in _mongocrypt_buffer_copy_from_data_and_size&lt;/a&gt;) into the following branch:&lt;br/&gt;
                       master: &lt;a href=&quot;https://github.com/eramongodb/libmongocrypt/commit/dc2c7e6433eb46f119e5079c788fda3e3f50a1dc&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;dc2c7e6433eb46f119e5079c788fda3e3f50a1dc&lt;/a&gt;&lt;/p&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2280626">MONGOCRYPT-550</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1m268:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>