library crashes in instance.c libcouchbase_switch_to_backup_node.

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.1.0dp9
Fix Version/s: None
Component/s: library
Security Level: Public
Labels:
None
Environment:
Windows

Description

library crashes when accessing into allocated memory at instance->backup_nodes[instance->backup_idx].

instance->backup_nodes[instance->backup_idx] is not necessarily NULL when instance->backup_idx is >= instance->nbackup_nodes.

This was fixed by changing line 729 from:

    if (instance->backup_nodes[instance->backup_idx] == NULL) {
        --instance->backup_idx;
        libcouchbase_error_handler(instance, error, reason);
        return -1;
    }

to:

    if (instance->backup_idx >= instance->nbackup_nodes || instance->backup_nodes[instance->backup_idx] == NULL) {
        --instance->backup_idx;
        libcouchbase_error_handler(instance, error, reason);
        return -1;
    }

This prevents indexing past the number of backup_nodes that have been allocated.

Activity

Hide

Permalink

Sergey Avseyev added a comment - 07/Aug/12 6:25 PM

Thanks for report. Actually the issue was in backup_nodes initialization on line 364 http://review.couchbase.org/#patch,sidebyside,19339,1,src/instance.c

In patch http://review.couchbase.org/19339 I fixed the issue and also removed nbackup_nodes mentions

Show

Sergey Avseyev added a comment - 07/Aug/12 6:25 PM Thanks for report. Actually the issue was in backup_nodes initialization on line 364 http://review.couchbase.org/#patch,sidebyside,19339,1,src/instance.c In patch http://review.couchbase.org/19339 I fixed the issue and also removed nbackup_nodes mentions

People

Assignee:

Sergey Avseyev

Reporter:

Brett Harrison

Vote (0)

Watch (0)

Dates

Created:

07/Aug/12 12:28 PM

Updated:

13/Nov/12 4:21 AM

Resolved:

24/Aug/12 4:55 PM

Agile

View on Board