Details
- Bug
- Resolution: Fixed
- Major
- 4.0.0
- Security Level: Public
- None
- Untriaged
- Unknown
Description
Couchstore reads the size of the header from a file on disk and then malloc()s a buffer of that size, without performing any size or range checks. However, we do check the result of the malloc, so any totally crazy value should be caught.
/couchstore/src/views/bin/couch_view_group_compactor.c
For Gerrit Dashboard: MB-16526

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
56382,4 | MB-16526: Check header size before allocating | master | couchstore | Status: MERGED | +2 | +1 |
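
An added example (not couchstore's code and not the merged change) of the check named in the fix title: an on-disk size field is bounded and cross-checked against the bytes actually present before it reaches malloc(). The 4-byte big-endian length prefix, `MAX_HEADER_SIZE`, `read_header`, the status enum and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (not couchstore's real on-disk format): a 4-byte
 * big-endian length, followed by that many header bytes. */
#define MAX_HEADER_SIZE (1u << 20) /* hypothetical 1 MiB policy cap */

enum hdr_status { HDR_OK = 0, HDR_TRUNCATED, HDR_BAD_SIZE, HDR_NOMEM };

/* Validate the untrusted size field before allocating. `file` holds the
 * bytes read from disk; on HDR_OK the caller owns and frees *out. */
enum hdr_status read_header(const uint8_t *file, size_t file_len,
                            uint8_t **out, uint32_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (file_len < 4)
        return HDR_TRUNCATED;
    uint32_t size = ((uint32_t)file[0] << 24) | ((uint32_t)file[1] << 16) |
                    ((uint32_t)file[2] << 8) | (uint32_t)file[3];
    /* Range check: reject empty or implausibly large headers. */
    if (size == 0 || size > MAX_HEADER_SIZE)
        return HDR_BAD_SIZE;
    /* Consistency check: the claimed size must fit in the bytes present.
     * Written as a subtraction so the comparison cannot overflow. */
    if (size > file_len - 4)
        return HDR_TRUNCATED;
    uint8_t *buf = malloc(size);
    if (buf == NULL)
        return HDR_NOMEM;
    memcpy(buf, file + 4, size);
    *out = buf;
    *out_len = size;
    return HDR_OK;
}

/* Constructed sample inputs (not taken from a real couchstore file). */
static const uint8_t SAMPLE_GOOD[] = {0, 0, 0, 3, 'a', 'b', 'c'};
static const uint8_t SAMPLE_HUGE[] = {0x7f, 0xff, 0xff, 0xff, 'a'};
static const uint8_t SAMPLE_SHORT[] = {0, 0, 0, 9, 'a', 'b'};

int main(void) {
    uint8_t *h; uint32_t n;
    printf("good:  %d\n", read_header(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &h, &n));
    free(h);
    printf("huge:  %d\n", read_header(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &h, &n));
    printf("short: %d\n", read_header(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &h, &n));
    return 0;
}
```

Relying only on the malloc() result leaves large-but-satisfiable sizes unrejected; the explicit cap and the file-length comparison turn those into a parse error before any allocation happens.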