fix: out-of-bounds write in decimal Display implementation (!141) · Merge requests · core / tarantool-module

Denis Smirnov requested to merge issue71 into master Jun 04, 2022

fixes #71 (closed) (more details in the comment).

Previously we used ds->digits+14 buffer capacity to display a decimal with decNumberToString() function, while Tarantool uses DECIMAL_MAX_DIGITS + 14 length. As a result we have faced malloc header corruption in its free block list caused by an out of bounds write to buffer (other possible result could be a memory segfault).

Edited Jun 04, 2022 by Denis Smirnov

fix: out-of-bounds write in decimal Display implementation

Merge request reports