  1. Couchbase C client library libcouchbase
  2. CCBC-90

library crashes in instance.c libcouchbase_switch_to_backup_node.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.0dp9
    • Fix Version/s: None
    • Component/s: library
    • Security Level: Public
    • Labels:
      None
    • Environment:
      Windows

      Description

      library crashes when accessing into allocated memory at instance->backup_nodes[instance->backup_idx].

      instance->backup_nodes[instance->backup_idx] is not necessarily NULL when instance->backup_idx is >= instance->nbackup_nodes.

      This was fixed by changing line 729 from:

      if (instance->backup_nodes[instance->backup_idx] == NULL) {
          --instance->backup_idx;
          libcouchbase_error_handler(instance, error, reason);
          return -1;
      }

      to:

      if (instance->backup_idx >= instance->nbackup_nodes ||
          instance->backup_nodes[instance->backup_idx] == NULL) {
          --instance->backup_idx;
          libcouchbase_error_handler(instance, error, reason);
          return -1;
      }

      This prevents indexing past the number of backup_nodes that have been allocated.
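
The guard described above, as an added example that is not the library's own code: the index is compared with the allocated count before the slot is read, so an array without a NULL terminator is never read out of range. The struct, the function names instance_init and next_backup_node, the last_error field and the host strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for the library's instance struct. */
struct instance {
    const char **backup_nodes; /* heap array of host strings */
    size_t nbackup_nodes;      /* number of entries actually allocated */
    size_t backup_idx;         /* index of the next node to try */
    int last_error;            /* recorded instead of calling an error handler */
};

/* Allocate exactly n slots and no NULL terminator: the layout in which
 * a NULL-only check would read one element past the allocation. */
static int instance_init(struct instance *in, const char **hosts, size_t n)
{
    in->backup_nodes = malloc(n ? n * sizeof(*in->backup_nodes) : 1);
    if (in->backup_nodes == NULL) return -1;
    for (size_t i = 0; i < n; i++) in->backup_nodes[i] = hosts[i];
    in->nbackup_nodes = n;
    in->backup_idx = 0;
    in->last_error = 0;
    return 0;
}

/* Return the next backup node, or NULL when the list is exhausted.
 * The bounds test comes first; short-circuit || guarantees the slot is
 * only dereferenced when the index is inside the allocation. */
static const char *next_backup_node(struct instance *in, int error)
{
    if (in->backup_idx >= in->nbackup_nodes ||
        in->backup_nodes[in->backup_idx] == NULL) {
        in->last_error = error; /* stands in for the error handler call */
        return NULL;            /* index unchanged: nothing was consumed */
    }
    return in->backup_nodes[in->backup_idx++];
}

int main(void)
{
    const char *hosts[] = { "a.example:8091", "b.example:8091" }; /* constructed */
    struct instance in;
    const char *h;
    if (instance_init(&in, hosts, 2) != 0) return 1;
    while ((h = next_backup_node(&in, -1)) != NULL) printf("trying %s\n", h);
    free(in.backup_nodes);
    return 0;
}
```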


        Activity

        avsej Sergey Avseyev added a comment -

        Thanks for the report. Actually, the issue was in the backup_nodes initialization on line 364 http://review.couchbase.org/#patch,sidebyside,19339,1,src/instance.c

        In patch http://review.couchbase.org/19339 I fixed the issue and also removed the nbackup_nodes mentions.


          People

          • Assignee:
            avsej Sergey Avseyev
            Reporter:
            brettharrison Brett Harrison