[MDEV-36070] A potential null-pointer-dereference bug - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Not a Bug
Affects Version/s: 10.6.4
Fix Version/s: N/A
Component/s: Storage Engine - Mroonga
Labels:
None

Description

I have found a potential null-pointer-dereference bug. In the file storage/mroonga/vendor/groonga/lib/time.c, the function grn_timeval2tm may return NULL at line 119. The function grn_timeval2str in storage/mroonga/vendor/groonga/lib/time.c and rotate_log_file in storage/mroonga/vendor/groonga/lib/logger.c both call grn_timeval2tm at line 177 and line 180 respectively but don't check the return value before dereferencing it, which may lead to null-pointer-dereference vulnerability.

Although I found the potential bug in version 10.6.4, it still exists in current version.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2025-03-03-17-30-13-848.png
87 kB
2025-03-03 09:30
image-2025-02-12-15-53-42-421.png
261 kB
2025-02-12 07:53

Activity

People

Assignee:: Kouhei Sutou

Reporter:: JumpKnight

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2025-02-12 07:59

Updated:: 2025-03-05 11:00

Resolved:: 2025-02-13 14:14

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.