Crash while extracting messages via event-based API

[humblemoriarty]

Read the FAQ first: https://github.com/edenhill/librdkafka/wiki/FAQ

Description

Event-based API function size_t rd_kafka_event_message_array (rd_kafka_event_t *rkev, const rd_kafka_message_t **rkmessages, size_t size) doesn't check array boundary, size parameter isn't used at all.

How to reproduce

Crashes when the number of events in the queue exceeds array size.

IMPORTANT: Always try to reproduce the issue on the latest released version (see https://github.com/edenhill/librdkafka/releases), if it can't be reproduced on the latest version the issue has been fixed.

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

• librdkafka version (release number or git tag): 1.4.0 and early
• Apache Kafka version:
• librdkafka client configuration:
• Operating system:
• Provide logs (with debug=.. as necessary) from librdkafka
• Provide broker log excerpts
• Critical issue

[edenhill]

Good find!
That's embarassing..