As noted in CDRIVER-2569, bson_append_binary asserts the binary payload is not NULL (but it is okay to use a non-NULL address with a zero length, which could be obtained from malloc(0), though bson_malloc(0) does return a NULL).
However, bson_value_copy on an empty binary payload will produce a value with a NULL payload, which means if we can retrieve an empty binary value, copy it, and then try appending that copy, we get an abort:
```c
bson_t bson = BSON_INITIALIZER;
const bson_value_t *value; /* bson_iter_value returns a pointer */
bson_value_t value_copy;

/* iter points to an empty BSON binary value */
value = bson_iter_value (&iter);
bson_value_copy (value, &value_copy);
/* The following asserts since value_copy.value.v_binary.data is NULL */
BSON_APPEND_VALUE (&bson, "key", &value_copy);
```
Consider:
- loosening the restriction and allowing NULL to be passed to bson_append_binary. bson_append_utf8 allows NULL (but appends it as a NULL type instead of as an empty UTF8 string).
- changing bson_malloc to call the underlying allocator even for a zero length (which seems potentially dangerous, since users can override the allocator, and this would change how we're calling that allocator).
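A self-contained model of the copy-then-append failure and of the first option above, added here as an example. It is not libbson code: `bin_value`, `doc`, `model_malloc`, `value_copy`, `append_binary` and `copy_then_append` are hypothetical names, and the strict check returns 0 where the real function would assert.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not libbson types or functions. */
typedef struct { uint8_t *data; uint32_t len; } bin_value;
typedef struct { uint8_t buf[64]; uint32_t used; } doc;

/* Models the behaviour the issue describes for bson_malloc: size 0 yields NULL. */
static void *model_malloc(size_t n) { return n ? malloc(n) : NULL; }

/* Copy: an empty payload ends up with NULL data and length 0. */
static void value_copy(const bin_value *src, bin_value *dst) {
    dst->data = model_malloc(src->len);
    dst->len = dst->data ? src->len : 0;
    if (dst->len) memcpy(dst->data, src->data, dst->len);
}

/* Append a payload. With allow_null_empty == 0 a NULL pointer is always
 * rejected (the strict precondition); with 1, NULL is accepted only when
 * len == 0, so a NULL pointer with a non-zero length is still refused. */
static int append_binary(doc *d, const bin_value *v, int allow_null_empty) {
    if (v->data == NULL && !(allow_null_empty && v->len == 0)) return 0;
    if (v->len > sizeof d->buf - d->used) return 0;
    if (v->len) memcpy(d->buf + d->used, v->data, v->len);
    d->used += v->len;
    return 1;
}

/* Round trip: build a value, copy it, append the copy under the chosen policy. */
static int copy_then_append(const uint8_t *bytes, uint32_t len, int loose) {
    uint8_t empty = 0; /* non-NULL address used for a zero-length source */
    bin_value src = { (uint8_t *)(bytes ? bytes : &empty), len }, dup;
    doc d = { {0}, 0 };
    value_copy(&src, &dup);
    int ok = append_binary(&d, &dup, loose);
    free(dup.data);
    return ok && d.used == len;
}

int main(void) {
    /* Constructed input: an empty payload, once per policy. */
    printf("strict=%d loose=%d\n",
           copy_then_append(NULL, 0, 0), copy_then_append(NULL, 0, 1));
    return 0;
}
```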
- causes: MONGOCRYPT-22 libmongocrypt aborts on empty decrypted bson binary values (Closed)
- is related to: CDRIVER-2569 Issues with empty binary value (Closed)