Fix mangrove crash #43
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Crash observed when document length is 257 byte, for example. It represents as '0x01 01 00 00'. In this case '_bytes_read == _len' equal to 1 and callback is called with partial buffer (only 1 byte actually). This cause later crash in 'to_dotted_notation_document' Signed-off-by: Abylay Ospan <aospan@netup.ru>
rkargon
reviewed
Sep 14, 2018
| @@ -67,7 +67,7 @@ int bson_output_streambuf::insert(int ch) { | |||
| } | |||
|
|
|||
| // This creates the document from the given bytes, and calls the user-provided callback. | |||
| if (_bytes_read == _len) { | |||
| if (_bytes_read == _len && _len > 4) { | |||
There was a problem hiding this comment.
How about earlier(e..g line 54) just returning early if _bytes_read < 4, so we're never dealing with an invalid _len in the later code?
|
Wow, good catch! |
|
@rkargon tnx :) BTW, better to implement: then we shouldn't care about buffer assembly and avoid byte-by-byte copy (which can slow down whole process) |
With mongo-cxx-3.2+ we have exception:
terminate called after throwing an instance of
'bsoncxx::v_noabi::exception'
what(): can't convert builder to a valid view: unmatched key
while using embedded documents. For example:
{
"name" : "Jenny",
"contact_info" :
{
"type" : "home"
}
}
we have called twice:
1. for "contact_info" key
2. for "contact_info.type" key
in mongo-cxx-3.2+ we can't call key_view/key_owned twice. Otherwise we
receive exception as described above.
Signed-off-by: Abylay Ospan <aospan@netup.ru>
Incorrect fix revert. This reverts commit 4f0c9e9.
With modern mongo-cxx (tested on 3.3.1) we have exception while using
embedded documents:
terminate called after throwing an instance of
'bsoncxx::v_noabi::exception'
what(): can't convert builder to a valid view: unmatched key
For example:
{
"name" : "Jenny",
"contact_info" :
{
"type" : "home"
}
}
we have called twice:
1. for "contact_info" key
2. for "contact_info.type" key
we can't call key_view/key_owned twice.
Otherwise we receive exception as described above.
Signed-off-by: Abylay Ospan <aospan@netup.ru>
This reverts commit 789d683.
With modern mongo-cxx (tested on 3.3.1) we have exception while using
embedded documents:
terminate called after throwing an instance of
'bsoncxx::v_noabi::exception'
what(): can't convert builder to a valid view: unmatched key
For example:
{
"name" : "Jenny",
"contact_info" :
{
"type" : "home"
}
}
we have called twice:
1. for "contact_info" key
2. for "contact_info.type" key
we can't call key_view/key_owned twice.
Otherwise we receive exception as described above.
Signed-off-by: Abylay Ospan <aospan@netup.ru>
Save 'key' if we do not in dot notation mode Signed-off-by: Abylay Ospan <aospan@netup.ru>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Crash observed when document length is 257 byte, for example.
It represents as '0x01 01 00 00'.
In this case '_bytes_read == _len' equal to 1 and callback is called
with partial buffer (only 1 byte actually). This cause later crash in
'to_dotted_notation_document'
Signed-off-by: Abylay Ospan aospan@netup.ru