- Type: Bug
- Resolution: Fixed
- Priority: Minor - P4
- Affects Version/s: None
- Component/s: uri
Bugs
Three minor issues if you feed the following PoCs into the "mongoc_uri_new" function.
This was against:
https://github.com/mongodb/mongo-c-driver/releases/download/1.8.2/mongo-c-driver-1.8.2.tar.gz
With ASAN on.
This is the script I used for testing:
https://gist.github.com/c0nrad/760fd1d34e39b7ed8f4442c622c90160
scan_to_unichar
READ of size 1
#7 0x000000000041c2ec in scan_to_unichar (terminators=<optimized out>, end=<synthetic pointer>, match=64, str=0x60200000ec50 "\350\003") at src/mongoc/mongoc-uri.c:159
PoC
0000000 6f6d 676e 646f 3a62 2f2f 03e8 0000 686c
0000010 736f 3a74 3732 3130 2f37 6574 7473 723f
0000020 7065 696c 6163 6573 3d74 6f66 006f
000002d
bson_utf8_get_char
READ of size 1
#7 0x00000000004763db in bson_utf8_get_char (utf8=utf8@entry=0x60200000ec30 "\372") at src/bson/bson-utf8.c:367
PoC:
0000000 6f6d 676e 646f 3a62 2f2f 00fa fa00 686c
0000010 736f 3a74 3732 3130 2f37 6574 7473 723f
0000020 7065 696c 6163 6573 3d74 6f66 006f
000002d
bson_string_append_unichar
precondition failed: unichar
#2 0x0000000000471ed2 in bson_string_append_unichar (string=string@entry=0x60200000ebf0, unichar=<optimized out>) at src/bson/bson-string.c:232
#3 0x0000000000412529 in mongoc_uri_unescape (escaped_string=escaped_string@entry=0x60200000ec10 "loca01te\332\213\300\200") at src/mongoc/mongoc-uri.c:1683
#4 0x0000000000412eff in mongoc_uri_do_unescape (str=<synthetic pointer>) at src/mongoc/mongoc-uri.c:76
#5 mongoc_uri_parse_host (uri=<optimized out>, str=<optimized out>, downcase=<optimized out>) at src/mongoc/mongoc-uri.c:367
PoC:
0000000 6f6d 676e 646f 3a62 2f2f 6f6c 6163 3130
0000010 6574 8bda 80c0 ff00 31ff 6574 8bda 8dc0
0000020 4063 6573 3d74 6f66 7361 0073
000002b
- is related to: CDRIVER-2403 Does libbson implement UTF-8 or CESU-8? (Closed)
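The three traces in this report share one cause: bytes after "mongodb://" that are not well-formed UTF-8 (a 3-byte lead `\350` followed by `\003` and the terminator, a 5-byte lead `\372` followed by the terminator, and the overlong pair `\300\200` that decodes to code point 0). The following is an added example, not code from the driver or from the reporter: a strict, terminator-safe UTF-8 pre-check that a caller could apply to a URI string before parsing. The name `uri_is_strict_utf8` is hypothetical, the rejected inputs are the byte sequences printed in the traces, and the accepted URI is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Smallest code point that legitimately needs an n-byte encoding. */
static const unsigned long min_cp[] = {0, 0, 0x80, 0x800, 0x10000};

/* Length implied by a lead byte; 0 for bytes that cannot start a sequence
 * (continuation bytes and the obsolete 5/6-byte leads such as 0xFA). */
static size_t utf8_seq_len(unsigned char c)
{
    if (c < 0x80) return 1;
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Hypothetical pre-check (not a driver function): true only for strict UTF-8.
 * Each continuation byte is tested before the cursor moves, and NUL is not a
 * continuation byte, so the scan can never step over the terminator. */
bool uri_is_strict_utf8(const char *s)
{
    const unsigned char *p = (const unsigned char *) s;
    while (*p) {
        size_t n = utf8_seq_len(*p);
        if (n == 0) return false;
        unsigned long cp = (n == 1) ? *p : (unsigned long) (*p & (0xFF >> (n + 1)));
        for (size_t i = 1; i < n; i++) {
            if ((p[i] & 0xC0) != 0x80) return false;    /* truncated sequence */
            cp = (cp << 6) | (p[i] & 0x3F);
        }
        if (cp < min_cp[n]) return false;               /* overlong, e.g. C0 80 */
        if (cp >= 0xD800 && cp <= 0xDFFF) return false; /* surrogate half */
        if (cp > 0x10FFFF) return false;
        p += n;
    }
    return true;
}

int main(void)
{
    /* Byte sequences as printed in the three traces above (octal escapes). */
    const char *in[] = {"mongodb://\350\003", "mongodb://\372",
                        "mongodb://loca01te\332\213\300\200",
                        "mongodb://localhost:27017/test?replicaset=foo" /* constructed */};
    for (size_t i = 0; i < 4; i++)
        printf("input %zu: %s\n", i, uri_is_strict_utf8(in[i]) ? "accept" : "reject");
    return 0;
}
```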