Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-171

Invalid read in plugin-libevent.c

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.0.3
    • 1.0.7, 2.0.2
    • library
    • Security Level: Public
    • None
    • Centos 5.5, Couchbase server 1.8, libcouchbase 1.02

    Description

      In plugin-libevent.c, event_new() mallocs a "struct event", which is not initialized, then passes it to event_assign(), which passes it into event_base_set(), causing an invalid read. We picked it up during a valgrind run of our program.

      See lines 47 - 78 here: https://github.com/couchbase/libcouchbase/blob/master/plugins/io/libevent/plugin-libevent.c

      Proposed patch:

      Index: libcouchbase/src/plugin-libevent.c
      ===================================================================
      — libcouchbase/src/plugin-libevent.c (revision 16)
      +++ libcouchbase/src/plugin-libevent.c (working copy)
      @@ -47,7 +47,6 @@
      event_callback_fn callback,
      void *arg)

      { - event_base_set(base, ev); ev->ev_callback = callback; ev->ev_arg = arg; ev->ev_fd = fd; @@ -56,6 +55,7 @@ ev->ev_flags = EVLIST_INIT; ev->ev_ncalls = 0; ev->ev_pncalls = NULL; + event_base_set(base, ev); return 0; }

      Attachments

        For Gerrit Dashboard: CCBC-171
        # Subject Branch Project Status CR V
        24316,2 CCBC-171 Fix invalid read in libevent plugin master libcouchbase Status: MERGED +2 +1

        Activity

          People

            avsej Sergey Avseyev
            jamesoc James
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty