CDRIVER-5734 fix max length string handling (#1798)

kevinAlbs · kevinAlbs · commit aee2821b180f · 2024-12-02T15:53:52.000-05:00
* relocate `skip_if_no_large_allocations` to share with new test
* test calling `bson_value_copy` with UINT32_MAX length string (not NULL terminated)
* do not try to NULL terminate if not possible
* document length limitation
diff --git a/src/libbson/doc/bson_value_copy.rst b/src/libbson/doc/bson_value_copy.rst
@@ -22,3 +22,6 @@ Description
 
 This function will copy the boxed content in ``src`` into ``dst``. ``dst`` must be freed with :symbol:`bson_value_destroy()` when no longer in use.
 
+.. note::
+
+  If ``src`` represents a BSON UTF-8 string, :symbol:`bson_value_copy` attempts to NULL terminate the copied string in ``dst``. If ``src.value.v_utf8.len`` is `SIZE_MAX`, the copied string is (necessarily) not NULL terminated.
diff --git a/src/libbson/src/bson/bson-value.c b/src/libbson/src/bson/bson-value.c
@@ -38,11 +38,18 @@ bson_value_copy (const bson_value_t *src, /* IN */
    case BSON_TYPE_UTF8:
       BSON_ASSERT (mcommon_in_range_size_t_unsigned (src->value.v_utf8.len));
       size_t utf8_len_sz = (size_t) src->value.v_utf8.len;
-      BSON_ASSERT (utf8_len_sz <= SIZE_MAX - 1);
-      dst->value.v_utf8.len = src->value.v_utf8.len;
-      dst->value.v_utf8.str = bson_malloc (utf8_len_sz + 1);
-      memcpy (dst->value.v_utf8.str, src->value.v_utf8.str, dst->value.v_utf8.len);
-      dst->value.v_utf8.str[dst->value.v_utf8.len] = '\0';
+      if (utf8_len_sz == SIZE_MAX) {
+         // If the string is at maximum length, do not NULL terminate. The source necessarily cannot fit it.
+         dst->value.v_utf8.len = src->value.v_utf8.len;
+         dst->value.v_utf8.str = bson_malloc (utf8_len_sz);
+         memcpy (dst->value.v_utf8.str, src->value.v_utf8.str, dst->value.v_utf8.len);
+      } else {
+         // There is room in destination to NULL terminate.
+         dst->value.v_utf8.len = src->value.v_utf8.len;
+         dst->value.v_utf8.str = bson_malloc (utf8_len_sz + 1);
+         memcpy (dst->value.v_utf8.str, src->value.v_utf8.str, dst->value.v_utf8.len);
+         dst->value.v_utf8.str[dst->value.v_utf8.len] = '\0';
+      }
       break;
    case BSON_TYPE_DOCUMENT:
    case BSON_TYPE_ARRAY:
diff --git a/src/libbson/tests/test-string.c b/src/libbson/tests/test-string.c
@@ -482,14 +482,6 @@ test_bson_string_alloc (void)
    bson_string_free (str, true);
 }
 
-static int
-skip_if_no_large_allocations (void)
-{
-   // Skip tests requiring large allocations.
-   // Large allocations were observed to fail when run with TSan, and are time consuming with ASan.
-   return test_framework_getenv_bool ("MONGOC_TEST_LARGE_ALLOCATIONS");
-}
-
 void
 test_string_install (TestSuite *suite)
 {
diff --git a/src/libbson/tests/test-value.c b/src/libbson/tests/test-value.c
@@ -19,6 +19,7 @@
 #include <bson/bson.h>
 
 #include "TestSuite.h"
+#include "test-libmongoc.h" // skip_if_no_large_allocations
 
 
 static void
@@ -128,10 +129,25 @@ test_value_decimal128 (void)
    bson_destroy (&other);
 }
 
+static void
+test_value_big_copy (void *unused)
+{
+   BSON_UNUSED (unused);
+   char *big_string = bson_malloc (UINT32_MAX);
+   ASSERT (big_string);
+   memset (big_string, UINT32_MAX, 'a'); // `big_string` is not NULL-terminated.
+
+   bson_value_t dst;
+   bson_value_t src = {.value_type = BSON_TYPE_UTF8, .value = {.v_utf8 = {.str = big_string, .len = UINT32_MAX}}};
+   bson_value_copy (&src, &dst);
+   bson_free (big_string);
+   bson_value_destroy (&dst);
+}
 
 void
 test_value_install (TestSuite *suite)
 {
    TestSuite_Add (suite, "/bson/value/basic", test_value_basic);
    TestSuite_Add (suite, "/bson/value/decimal128", test_value_decimal128);
+   TestSuite_AddFull (suite, "/bson/value/big_copy", test_value_big_copy, NULL, NULL, skip_if_no_large_allocations);
 }
diff --git a/src/libmongoc/tests/test-libmongoc.c b/src/libmongoc/tests/test-libmongoc.c
@@ -2634,3 +2634,9 @@ test_framework_skip_if_no_server_ssl (void)
    }
    return 0; // Skip.
 }
+
+int
+skip_if_no_large_allocations (void)
+{
+   return test_framework_getenv_bool ("MONGOC_TEST_LARGE_ALLOCATIONS");
+}
diff --git a/src/libmongoc/tests/test-libmongoc.h b/src/libmongoc/tests/test-libmongoc.h
@@ -288,4 +288,10 @@ test_framework_is_loadbalanced (void);
 int
 test_framework_skip_if_no_server_ssl (void);
 
+
+// `skip_if_no_large_allocations` skip tests requiring large allocations.
+// Large allocations were observed to fail when run with TSan, and are time consuming with ASan.
+int
+skip_if_no_large_allocations (void);
+
 #endif

Original file line number	Diff line number	Diff line change
`@@ -482,14 +482,6 @@ test_bson_string_alloc (void)`
`482`	`482`	`bson_string_free (str, true);`
`483`	`483`	`}`
`484`	`484`
`485`		`-static int`
`486`		`-skip_if_no_large_allocations (void)`
`487`		`-{`
`488`		`- // Skip tests requiring large allocations.`
`489`		`- // Large allocations were observed to fail when run with TSan, and are time consuming with ASan.`
`490`		`- return test_framework_getenv_bool ("MONGOC_TEST_LARGE_ALLOCATIONS");`
`491`		`-}`
`492`		`-`
`493`	`485`	`void`
`494`	`486`	`test_string_install (TestSuite *suite)`
`495`	`487`	`{`
Original file line number	Diff line number	Diff line change
`@@ -2634,3 +2634,9 @@ test_framework_skip_if_no_server_ssl (void)`
`2634`	`2634`	`}`
`2635`	`2635`	`return 0; // Skip.`
`2636`	`2636`	`}`
	`2637`	`+`
	`2638`	`+int`
	`2639`	`+skip_if_no_large_allocations (void)`
	`2640`	`+{`
	`2641`	`+ return test_framework_getenv_bool ("MONGOC_TEST_LARGE_ALLOCATIONS");`
	`2642`	`+}`