[CCBC-171] Invalid read in plugin-libevent.c Created: 23/Jan/13  Updated: 06/Feb/13  Resolved: 31/Jan/13

Status: Closed
Project: Couchbase C client library libcouchbase
Component/s: library
Affects Version/s: 1.0.7, 2.0.2
Fix Version/s: 2.0.3
Security Level: Public

Type: Bug
Priority: Major
Reporter: James
Assignee: Sergey Avseyev
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: 2h
Time Spent: Not Specified
Original Estimate: 2h
Environment: Centos 5.5, Couchbase server 1.8, libcouchbase 1.02


 Description   
In plugin-libevent.c, event_new() mallocs a "struct event", which is not initialized, then passes it to event_assign(), which passes it into event_base_set(), causing an invalid read. We picked it up during a valgrind run of our program.

See lines 47 - 78 here: https://github.com/couchbase/libcouchbase/blob/master/plugins/io/libevent/plugin-libevent.c

Proposed patch:

Index: libcouchbase/src/plugin-libevent.c
===================================================================
--- libcouchbase/src/plugin-libevent.c (revision 16)
+++ libcouchbase/src/plugin-libevent.c (working copy)
@@ -47,7 +47,6 @@
              event_callback_fn callback,
              void *arg)
 {
- event_base_set(base, ev);
     ev->ev_callback = callback;
     ev->ev_arg = arg;
     ev->ev_fd = fd;
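Review bot: With the call dropped from the top of the function, nothing here records that the field assignments must come before event_base_set(). Add a short comment above `ev->ev_callback = callback;` stating that the event has to be filled in first, so a later cleanup does not hoist the call back to the start. Since the report says event_new() hands over a malloc'd, uninitialized struct, zeroing that allocation in event_new() would also keep valgrind quiet for any field that event_assign() does not set.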
@@ -56,6 +55,7 @@
     ev->ev_flags = EVLIST_INIT;
     ev->ev_ncalls = 0;
     ev->ev_pncalls = NULL;
+ event_base_set(base, ev);

     return 0;
 }
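Review bot: The result of the relocated `event_base_set(base, ev);` is discarded and the function still ends in `return 0;`, so a failure from event_base_set() (it returns an int) is reported to the caller as success. Suggest `return event_base_set(base, ev);` or an explicit check before returning. Minor style point: the added line appears to be indented differently from the surrounding four-space lines; match the file's indentation.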


 Comments   
Comment by Sergey Avseyev [ 31/Jan/13 ]
http://review.couchbase.org/24316