[CCBC-171] Invalid read in plugin-libevent.c Created: 23/Jan/13 Updated: 06/Feb/13 Resolved: 31/Jan/13 |
|
| Status: | Closed |
| Project: | Couchbase C client library libcouchbase |
| Component/s: | library |
| Affects Version/s: | 1.0.7, 2.0.2 |
| Fix Version/s: | 2.0.3 |
| Security Level: | Public |
| Type: | Bug | Priority: | Major |
| Reporter: | James | Assignee: | Sergey Avseyev |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 2h | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | 2h | ||
| Environment: | Centos 5.5, Couchbase server 1.8, libcouchbase 1.02 | ||
| Description |
|
In plugin-libevent.c, event_new() mallocs a "struct event", which is not initialized, then passes it to event_assign(), which passes it into event_base_set(), causing an invalid read. We picked it up during a valgrind run of our program.
See lines 47 - 78 here: https://github.com/couchbase/libcouchbase/blob/master/plugins/io/libevent/plugin-libevent.c Proposed patch: Index: libcouchbase/src/plugin-libevent.c =================================================================== --- libcouchbase/src/plugin-libevent.c (revision 16) +++ libcouchbase/src/plugin-libevent.c (working copy) @@ -47,7 +47,6 @@ event_callback_fn callback, void *arg) { - event_base_set(base, ev); ev->ev_callback = callback; ev->ev_arg = arg; ev->ev_fd = fd; @@ -56,6 +55,7 @@ ev->ev_flags = EVLIST_INIT; ev->ev_ncalls = 0; ev->ev_pncalls = NULL; + event_base_set(base, ev); return 0; } |
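Review bot: In the second hunk, the relocated `event_base_set(base, ev);` still has its return value discarded and the function goes on to `return 0;` unconditionally, so a failure to attach the event to the base is reported to the caller as success. Consider ending the function with `return event_base_set(base, ev);`, or checking the result and returning non-zero on failure. The fix also depends purely on statement order (the call has to follow `ev->ev_flags = EVLIST_INIT;`), so a one-line comment above the call saying that it reads fields of `ev` and must stay after the assignments would keep a later reordering from reintroducing the invalid read. Since the description says event_new() obtains the struct with malloc, zero-initializing the allocation there (calloc or memset) would additionally cover any member this function does not set.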
| Comments |
| Comment by Sergey Avseyev [ 31/Jan/13 ] |
| http://review.couchbase.org/24316 |