Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-147

When calling API mongo_get_primary if mongo->primary has not been initalized results on memory overun

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 0.6
    • Affects Version/s: TBD
    • Component/s: None
    • Environment:
      Visual C++
    • Major Change

      primary pointer is allocated here:

      MONGO_EXPORT void mongo_replset_init( mongo *conn, const char *name ) {
      mongo_init( conn );

      conn->replset = bson_malloc( sizeof( mongo_replset ) );
      conn->replset->primary_connected = 0;
      conn->replset->seeds = NULL;
      conn->replset->hosts = NULL;
      conn->replset->name = ( char * )bson_malloc( strlen( name ) + 1 );
      memcpy( conn->replset->name, name, strlen( name ) + 1 );

      conn->primary = bson_malloc( sizeof( mongo_host_port ) );
      }

      As you can see, the structure is not initialized in any shape or form.
      If a call to mongo_get_primary is performed right after this, a fatal memory overrun will occur at the driver level and the only solution for this is shutting down the application using the driver and starting it again.

      I solved the problem adding the following code after the malloc of primary:

      /* JSB */
      conn->primary->host[0] = (char)NULL;
      conn->primary->next = NULL;

      And changing the following function to be aware of NULL value on the first char of host array.

      MONGO_EXPORT const char* mongo_get_primary(mongo* conn) {
      mongo* conn_ = (mongo*)conn;
      /* JSB */
      if (conn_>primary>host[0])
      return get_host_port(conn->primary);
      else return NULL;
      }

            Assignee:
            kbanker Kyle Banker
            Reporter:
            k2xt Jose Sebastian Battig
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: