Created from smartdevicelink/sdl_core#3887
0x00007f62ab4acf15 in byte_array_to_bson_string (bytes=0x7f62a000348a "", length=length@entry=18446744073709551615) at bson_util.c:121
121 bson_util.c: No such file or directory.
(gdb) bt
#0 0x00007f62ab4acf15 in byte_array_to_bson_string (bytes=0x7f62a000348a "", length=length@entry=18446744073709551615) at bson_util.c:121
#1 0x00007f62ab4ab564 in bson_object_from_bytes_len (output=0x7f62a9097ba0, data=0x7f62a0003480 "", dataSize=16) at bson_object.c:260
#2 0x000055fb2f2e807b in protocol_handler::get_hash_id (packet=...)
at /home/alex/Downloads/sdl_core/src/components/protocol_handler/src/protocol_handler_impl.cc:1603
#3 0x000055fb2f2e85ba in protocol_handler::ProtocolHandlerImpl::HandleControlMessageEndSession (this=0x55fb303969d0, packet=...)
at /home/alex/Downloads/sdl_core/src/components/protocol_handler/src/protocol_handler_impl.cc:1628
#4 0x000055fb2f2e6ca0 in protocol_handler::ProtocolHandlerImpl::HandleControlMessage (this=0x55fb303969d0,
packet=std::shared_ptr<class protocol_handler::ProtocolPacket> (use count 4, weak count 0) = {...})
at /home/alex/Downloads/sdl_core/src/components/protocol_handler/src/protocol_handler_impl.cc:1562
#5 0x000055fb2f2e50ce in protocol_handler::ProtocolHandlerImpl::HandleMessage (this=0x55fb303969d0,
packet=std::shared_ptr<class protocol_handler::ProtocolPacket> (use count 4, weak count 0) = {...})
at /home/alex/Downloads/sdl_core/src/components/protocol_handler/src/protocol_handler_impl.cc:1471
#6 0x000055fb2f2f00d8 in protocol_handler::ProtocolHandlerImpl::Handle (this=0x55fb303969d0, message=...)
at /home/alex/Downloads/sdl_core/src/components/protocol_handler/src/protocol_handler_impl.cc:2269
#7 0x000055fb2f3132b2 in threads::MessageLoopThread<utils::PrioritizedQueue<protocol_handler::impl::RawFordMessageFromMobile> >::LoopThreadDelegate::DrainQue (this=0x55fb303851e0) at /home/alex/Downloads/sdl_core/src/components/include/utils/threads/message_loop_thread.h:201
#8 0x000055fb2f312dd1 in threads::MessageLoopThread<utils::PrioritizedQueue<protocol_handler::impl::RawFordMessageFromMobile> >::LoopThreadDelegate::threadMain (this=0x55fb303851e0) at /home/alex/Downloads/sdl_core/src/components/include/utils/threads/message_loop_thread.h:184
#9 0x000055fb2f675d1f in threads::Thread::<lambda(threads::Thread*)>::operator()(threads::Thread *) const (__closure=0x7f62a9098b61, thread=0x55fb30384250)
at /home/alex/Downloads/sdl_core/src/components/utils/src/threads/thread_posix.cc:76
#10 0x000055fb2f676478 in threads::Thread::threadFunc (arg=0x55fb30384250)
at /home/alex/Downloads/sdl_core/src/components/utils/src/threads/thread_posix.cc:106
#11 0x00007f62ab6f4609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#12 0x00007f62aaacf293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95//bug2: length<=0
char *byte_array_to_bson_string(uint8_t *bytes, size_t length) {
char *stringVal = malloc(sizeof(char) * (length + 1));
int i = 0;
for (i = 0; i < length; i++) {
stringVal[i] = (char)(bytes[i] & 0xFF);
}
stringVal[length] = 0x00;
return stringVal;
} case TYPE_STRING:
// Buffer length is read first
if (remainBytes >= SIZE_INT32) {
int32_t bufferLength = read_int32_le((uint8_t **)¤t);
remainBytes -= SIZE_INT32;
// Type coercion int32_t => size_t
if (bufferLength <= remainBytes) {
char *stringVal = byte_array_to_bson_string((uint8_t*)current, (size_t)bufferLength - 1);
bson_object_put_string(&obj, key, stringVal);
free(stringVal);
current += bufferLength;
remainBytes -= (size_t)bufferLength;
If a negative value is somehow provided for a BSON string or BSON object, a potential crash could occur.
Created from smartdevicelink/sdl_core#3887
If a negative value is somehow provided for a BSON string or BSON object, a potential crash could occur.