|
|
|
|
|
|
by duskwuff
3714 days ago
|
|
|
> I've no clue about the trailing NUL on the record itself, perhaps a safety feature? Could be. Or perhaps there's enough code paths in common between string parsing and document parsing that they decided to put a trailing null byte on both. Stepping back a bit, though, the fact that BSON is optimized for "direct" use in C code is really scary. That suggests that any failure to completely validate BSON data could open up vulnerabilities in C code manipulating it. |
|
|