It seems that this vulnerability was originally caused by a ‘bytesNeeded’ integer overflow in bson_ensure_space().
The sum of ‘len’ and ‘dataSize’, which both have a type of ‘uint32_t’, can be assigned to ‘bytesNeeded’ (see https://git.launchpad.net/ubuntu/+source/whoopsie/tree/lib/bson/bson.c?h=applied/0.2.69#n670).
Even though a series of exception handling routines was already applied for overflow of 'len' and 'dataSize', the flaw lies in improper exception handling of overflow in 'bytesNeeded'.
I think it would be better to change the data type of 'bytesNeeded' from 'uint32_t' to 'size_t'.
Please check the attached patch.
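The wrap described in the comment above, as an added C example that is not part of the original report or of whoopsie's code. The function names, parameters and sample values are assumptions that model a size check on `len + dataSize`; they are not the body of bson_ensure_space().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the capacity check. Each function returns 1 when
 * the buffer is judged large enough to hold len + data_size bytes. */

/* Sum held in uint32_t: the result wraps modulo 2^32 before the compare. */
int fits_u32(uint32_t len, uint32_t data_size, size_t capacity)
{
    uint32_t bytes_needed = len + data_size;   /* may wrap to a small value */
    return bytes_needed <= capacity;
}

/* Sum held in size_t, the type change proposed in the comment.
 * Exact only where size_t is wider than 32 bits (e.g. 64-bit builds). */
int fits_size_t(uint32_t len, uint32_t data_size, size_t capacity)
{
    size_t bytes_needed = (size_t)len + (size_t)data_size;
    return bytes_needed <= capacity;
}

/* Width-independent form: compare by subtraction, so no sum can wrap. */
int fits_checked(uint32_t len, uint32_t data_size, size_t capacity)
{
    if (len > capacity)
        return 0;
    return data_size <= capacity - len;
}

int main(void)
{
    /* Constructed sample values: the true sum is 0x100000010,
     * which wraps to 0x10 when stored in a uint32_t. */
    uint32_t len = 0xFFFFFFF0u, data_size = 0x20u;
    size_t capacity = 4096;

    printf("uint32_t sum : fits=%d\n", fits_u32(len, data_size, capacity));
    printf("size_t sum   : fits=%d\n", fits_size_t(len, data_size, capacity));
    printf("checked      : fits=%d\n", fits_checked(len, data_size, capacity));
    return 0;
}
```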