Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 4.1.1, 4.5.0
Affects Version/s: 2.5.2, 3.1.3, 4.1.0, 4.5.0
Component/s: memcached
Security Level: Public
Labels:
None

Triage:
Untriaged
Is this a Regression?:
Unknown

Description

If buf_to_printable_buffer() is passed a source buf which is larger than
dest buf, it attempts to only process as many bytes as will fit in the
destination. However there is an off-by-one error when writing the
trailing \0 which causes it to overwrite the end of the destination
buffer.

Identified during testing of some long sub-document mutation paths.

Note this code is only executed if memcached's verbosity is set to '2' or higher (default in production is 1), hence the fact that we've not (to my knowledge) seen any production issues.

Attachments

Issue Links

blocks

MB-17211 4.1.1 Minor Release

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Dave Rigby

Reporter:: Dave Rigby

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Feb/16 1:57 AM

Updated:: 15/Mar/16 12:47 PM

Resolved:: 15/Mar/16 12:46 PM

Gerrit Reviews

There are no open Gerrit changes

Show There are 4 closed Gerrit changes

Hide There are 4 closed Gerrit changes

MB-17891: Correct off-by-one error in buf_to_printable_buffer(): Gerrit Review:

MB-17891: Correct off-by-one error in buf_to_printable_buffer(): Gerrit Review:

MB-17891: Actually fix off-by-one-error in buf_to_printable_buffer(): Gerrit Review:

Merge remote-tracking branch 'couchbase/watson' into couchbase/master: Gerrit Review:

Off-by-one error (potential buffer overflow) in buf_to_printable_buffer

Details

Description

Attachments

Issue Links

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty