Details
- Bug
- Resolution: Fixed
- Critical
- None
- 1.1.0dp9
- Security Level: Public
- None
- Windows
Description
The library crashes when indexing into allocated memory at instance->backup_nodes[instance->backup_idx].
instance->backup_nodes[instance->backup_idx] is not necessarily NULL when instance->backup_idx is >= instance->nbackup_nodes.
This was fixed by changing line 729 from:

    if (instance->backup_nodes[instance->backup_idx] == NULL) {
        --instance->backup_idx;
        libcouchbase_error_handler(instance, error, reason);
        return -1;
    }

to:

    if (instance->backup_idx >= instance->nbackup_nodes ||
        instance->backup_nodes[instance->backup_idx] == NULL) {
        --instance->backup_idx;
        libcouchbase_error_handler(instance, error, reason);
        return -1;
    }

This prevents indexing past the number of backup_nodes that have been allocated.
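
The effect of the added bounds check, as a stand-alone C example written for this page and not libcouchbase's own code. The struct, field types, helper names and node strings are assumptions; the slot past the valid entries lives inside a larger constructed array so the stale read can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the library instance: only the fields named in
 * the report are modelled, and their types are assumed. */
struct instance {
    const char **backup_nodes; /* node list */
    size_t nbackup_nodes;      /* number of valid entries */
    size_t backup_idx;         /* entry about to be used */
};

static int error_count; /* stands in for libcouchbase_error_handler() calls */

/* Check before the fix: trusts a NULL sentinel at backup_idx. */
int check_before(struct instance *in)
{
    if (in->backup_nodes[in->backup_idx] == NULL) {
        --in->backup_idx; ++error_count; return -1;
    }
    return 0; /* caller goes on to use backup_nodes[backup_idx] */
}

/* Check after the fix: the index is validated before the array is read. */
int check_after(struct instance *in)
{
    if (in->backup_idx >= in->nbackup_nodes ||
        in->backup_nodes[in->backup_idx] == NULL) {
        --in->backup_idx; ++error_count; return -1;
    }
    return 0;
}

/* Constructed data: two valid nodes, then a non-NULL leftover in the slot
 * just past them, which is what defeats the NULL-only check. */
int run_case(int fixed, size_t idx)
{
    const char *storage[3] = { "node-a:8091", "node-b:8091", "stale" };
    struct instance in = { storage, 2, idx };
    return fixed ? check_after(&in) : check_before(&in);
}

int main(void)
{
    printf("idx=1 before=%d after=%d\n", run_case(0, 1), run_case(1, 1));
    printf("idx=2 before=%d after=%d\n", run_case(0, 2), run_case(1, 2));
    return 0;
}
```

With `backup_idx` equal to `nbackup_nodes`, the old check reports success and the caller would use the stale entry; the fixed check returns -1 without reading the slot.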