in_elasticsearch: check map size before accessing first entry [Backport to 4.2] #11902
get_write_op() accesses kv[0] without checking that the map has at
least one entry. When the bulk API receives an empty JSON object {}
as the meta line, msgpack unpacks it as a map with size 0 and the
kv[0] access reads past the map allocation.
Add an early return when map size is zero.
Signed-off-by: Tristan <tristan@talencesecurity.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4a78d3471c
| if (map->via.map.size == 0) { | ||
| return FLB_FALSE; |
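Review bot: the early return on `map->via.map.size == 0` exits with `FLB_FALSE` without assigning anything, so whatever the function's output arguments held before the call is still there when the caller handles the false result. Set the outputs to a known empty state ahead of `return FLB_FALSE;`, and add a short comment on the guard naming the input that produces an empty map. A regression case that sends `{}` as the bulk meta line would keep the check from being dropped later.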
Clear stale write_op on empty metadata maps
In a bulk payload where a delete metadata line is followed by an empty map, the delete branch frees write_op but leaves the caller's variable non-NULL before goto proceed; this new early return leaves out_write_op untouched, so the caller's else path calls flb_sds_destroy(write_op) again on the stale pointer. Please clear *out_write_op (and the size) before returning false, or otherwise ensure the caller does not reuse a previously freed value.
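The pattern the review comment asks for, as an added example that is not Fluent Bit's code: a parser that clears its output arguments before the empty-map check, so a caller that frees the value after every line never frees a stale pointer. The types `kv` and `map_obj` and the functions `get_op` and `count_ops` are hypothetical stand-ins, not the msgpack-c or plugin definitions.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in types (assumption): the minimal shape of an unpacked map,
 * not the msgpack-c structures the plugin uses. */
struct kv { const char *key; };
struct map_obj { size_t size; const struct kv *ptr; };

/* Hypothetical counterpart of get_write_op(): copies the first key of a
 * bulk meta line into *out_op. Returns 1 on success, 0 otherwise. */
static int get_op(const struct map_obj *map, char **out_op, size_t *out_size)
{
    /* Clear the outputs before any return path so the caller never keeps
     * a pointer left over from an earlier line. */
    *out_op = NULL;
    *out_size = 0;

    if (map->size == 0) {   /* "{}" unpacks to a map with no entries */
        return 0;           /* ptr[0] would be outside the allocation */
    }
    size_t len = strlen(map->ptr[0].key);
    char *copy = malloc(len + 1);
    if (copy == NULL) {
        return 0;
    }
    memcpy(copy, map->ptr[0].key, len + 1);
    *out_op = copy;
    *out_size = len;
    return 1;
}

/* Constructed caller loop: frees op after each line without resetting it,
 * which is only safe because get_op() clears it on entry. */
static int count_ops(const struct map_obj *lines, size_t n)
{
    char *op = NULL;
    size_t op_size = 0;
    int accepted = 0;

    for (size_t i = 0; i < n; i++) {
        if (get_op(&lines[i], &op, &op_size)) {
            accepted++;
        }
        free(op);           /* free(NULL) is a no-op after a rejected line */
    }
    return accepted;
}
```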
Backporting of #11856.
Enter [N/A] in the box, if an item is not applicable to your change.
Testing
Before we can approve your change; please submit the following in a comment:
If this is a change to packaging of containers or native binaries then please confirm it works for all targets.
ok-package-test label to test for all targets (requires maintainer to do).
Documentation
Backporting
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.