Couchbase C client library libcouchbase / CCBC-51

In store.c:67 libcouchbase_store_by_key does not check for negative value for idx, causing seg fault when nodes are down

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0
    • Fix Version/s: None
    • Component/s: library
    • Security Level: Public
    • Labels: None
    • Environment: Centos 5.5, Couchbase server 1.8, libcouchbase 1

      Description

      I had 3 server nodes, 2 of which were down.

      When I ran my test program (to store a value), instead of reporting an error or using the remaining node, the program seg faulted.
      I traced this back to store.c:66, where vbucket_map(instance->vbucket_config, hashkey, nhashkey, &vb, &idx)
      returned -1 for the value idx (the index into the vbucket); this probably indicates that there was no valid index.
      The next line, 67, uses idx to reference a server struct. Using -1 causes an invalid memory access and the program crashes with a seg fault.

      server = instance->servers + (size_t)idx;

      There should be a statement to check the value idx is non-negative before using it:
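The kind of guard the report asks for, as an added example that is not the reporter's code and not the project's actual fix. The struct layouts, `toy_vbucket`, `select_server` and the demo maps are hypothetical stand-ins for the library's types, and the upper-bound test goes one step beyond the negative-index case described above.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins for the library's types; all names are hypothetical. */
struct server { const char *host; };
struct instance {
    struct server *servers;
    size_t nservers;
    const int *vbucket_master;   /* vbucket -> server index, -1 = no master */
    size_t nvbuckets;
};

/* Toy key hash (not the library's); it only spreads keys over vbuckets. */
static size_t toy_vbucket(const char *key, size_t nvbuckets)
{
    size_t h = 5381;
    while (*key) h = h * 33 + (unsigned char)*key++;
    return h % nvbuckets;
}

/* Return the server for key, or NULL when the map has no usable node.
 * The check is made on the signed value, before any cast to size_t:
 * (size_t)-1 is SIZE_MAX, so servers + (size_t)idx lands far out of bounds. */
static struct server *select_server(const struct instance *in, const char *key)
{
    int idx = in->vbucket_master[toy_vbucket(key, in->nvbuckets)];
    if (idx < 0 || (size_t)idx >= in->nservers)
        return NULL;             /* caller reports an error instead of crashing */
    return in->servers + (size_t)idx;
}

/* Constructed sample data: three nodes, one map with no masters, one healthy. */
static struct server demo_servers[3] = {{"node-a"}, {"node-b"}, {"node-c"}};
static const int demo_all_down[4] = {-1, -1, -1, -1};
static const int demo_healthy[4]  = {0, 1, 2, 0};

static struct instance demo_instance(const int *map)
{
    struct instance in = {demo_servers, 3, map, 4};
    return in;
}

int main(void)
{
    const int *maps[2] = {demo_all_down, demo_healthy};
    for (int i = 0; i < 2; i++) {
        struct instance in = demo_instance(maps[i]);
        struct server *s = select_server(&in, "mykey");
        printf("%s\n", s ? s->host : "no server available for key");
    }
    return 0;
}
```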


        Activity

        jamesoc James added a comment -

        Centos 5.7, not 5.5

        avsej Sergey Avseyev added a comment - http://review.couchbase.org/13091

          People

          • Assignee:
            avsej Sergey Avseyev
            Reporter:
            jamesoc James

              Time Tracking

              Estimated: Original Estimate - 4h
              Remaining: Remaining Estimate - 4h
              Logged: Time Spent - Not Specified
