Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.7, 2.0.2
    • Fix Version/s: 2.0.3
    • Component/s: library
    • Security Level: Public
    • Labels:
      None
    • Environment:
      Centos 5.5, Couchbase server 1.8, libcouchbase 1.02

      Description

      In plugin-libevent.c, event_new() mallocs a "struct event", which is not initialized, then passes it to event_assign(), which passes it into event_base_set(), causing an invalid read. We picked it up during a valgrind run of our program.

      See lines 47 - 78 here: https://github.com/couchbase/libcouchbase/blob/master/plugins/io/libevent/plugin-libevent.c

      Proposed patch:

      Index: libcouchbase/src/plugin-libevent.c
      ===================================================================
      — libcouchbase/src/plugin-libevent.c (revision 16)
      +++ libcouchbase/src/plugin-libevent.c (working copy)
      @@ -47,7 +47,6 @@
      event_callback_fn callback,
      void *arg)

      { - event_base_set(base, ev); ev->ev_callback = callback; ev->ev_arg = arg; ev->ev_fd = fd; @@ -56,6 +55,7 @@ ev->ev_flags = EVLIST_INIT; ev->ev_ncalls = 0; ev->ev_pncalls = NULL; + event_base_set(base, ev); return 0; }
      No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

        jamesoc James created issue -
        avsej Sergey Avseyev made changes -
        Field Original Value New Value
        Fix Version/s 2.0.3 [ 10470 ]
        avsej Sergey Avseyev made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        avsej Sergey Avseyev made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        brett19 Brett Lawson made changes -
        Workflow jira [ 23783 ] Couchbase SDK Workflow [ 43828 ]

          People

          • Assignee:
            avsej Sergey Avseyev
            Reporter:
            jamesoc James
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 2h
              2h
              Remaining:
              Remaining Estimate - 2h
              2h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Gerrit Reviews

                There are no open Gerrit changes