- Type: Bug
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Fully Compatible
- ALL
When run under address sanitizer, the batch_upconvert_test fails, claiming a heap overflow:
2014-01-06T11:50:45.344-0500 going to run suite: WriteBatchUpconvert
2014-01-06T11:50:45.344-0500 going to run test: BasicInsert
=================================================================
==8784==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600000dd92 at pc 0x5b0d70 bp 0x7fffbac42090 sp 0x7fffbac42060
READ of size 1 at 0x60600000dd92 thread T0
==8784==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
#0 0x5b0d6f in __interceptor_strcmp ??:?
#1 0x6c24b9 in mongo::(anonymous namespace)::validateBSONIterative(mongo::(anonymous namespace)::Buffer*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/bson/bson_validate.cpp:293
#2 0x6c0781 in mongo::validateBSON(char const*, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/bson/bson_validate.cpp:359
#3 0x9fac9f in mongo::DbMessage::nextJsObj() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/dbmessage.h:213
#4 0x9f4d88 in mongo::msgToBatchInserts(mongo::Message const&, std::vector<mongo::BatchedCommandRequest*, std::allocator<mongo::BatchedCommandRequest*> >*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/s/write_ops/batch_upconvert.cpp:80
#5 0x9f40bf in mongo::msgToBatchRequests(mongo::Message const&, std::vector<mongo::BatchedCommandRequest*, std::allocator<mongo::BatchedCommandRequest*> >*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/s/write_ops/batch_upconvert.cpp:51
#6 0x5f6bc4 in (anonymous namespace)::UnitTest__WriteBatchUpconvert__BasicInsert::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/s/write_ops/batch_upconvert_test.cpp:62
#7 0xc19dad in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:125
#8 0x5f5b35 in void mongo::unittest::Suite::runTestObject<(anonymous namespace)::UnitTest__WriteBatchUpconvert__BasicInsert>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:308
#9 0x635453 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/function/function_template.hpp:112
#10 0xc5051e in boost::function0<void>::operator()() const /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/function/function_template.hpp:759
#11 0xc29330 in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:206
#12 0xc1dda2 in mongo::unittest::Suite::run(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:182
#13 0xc217b9 in mongo::unittest::Suite::run(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:247
#14 0xc5256b in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:28
#15 0x7f14985b3ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
#16 0x5f504c in _start ??:?
0x60600000dd92 is located 0 bytes to the right of 50-byte region [0x60600000dd60,0x60600000dd92)
allocated by thread T0 here:
#0 0x5e0179 in __interceptor_malloc ??:?
#1 0x5fb2b1 in mongo::Message::setData(int, char const*, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/util/net/message.h:283
#2 0x5f6b4a in (anonymous namespace)::UnitTest__WriteBatchUpconvert__BasicInsert::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/s/write_ops/batch_upconvert_test.cpp:58
#3 0xc19dad in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:125
#4 0x5f5b35 in void mongo::unittest::Suite::runTestObject<(anonymous namespace)::UnitTest__WriteBatchUpconvert__BasicInsert>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:308
#5 0x635453 in boost::detail::function::void_function_invoker0<void (*)(), void>::invoke(boost::detail::function::function_buffer&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/function/function_template.hpp:112
#6 0xc5051e in boost::function0<void>::operator()() const /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/function/function_template.hpp:759
#7 0xc29330 in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:206
#8 0xc1dda2 in mongo::unittest::Suite::run(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:182
#9 0xc217b9 in mongo::unittest::Suite::run(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:247
#10 0xc5256b in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:28
#11 0x7f14985b3ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c0c7fff9b60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9b70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9b80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9b90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9ba0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
=>0x0c0c7fff9bb0: 00 00[02]fa fa fa fa fa fd fd fd fd fd fd fd fa
0x0c0c7fff9bc0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c7fff9bd0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c7fff9be0: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c7fff9bf0: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x0c0c7fff9c00: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==8784==ABORTING
- Related to: SERVER-11903 Remove BSONElement::validate() (Closed)
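How the shadow-byte dump in the report encodes the finding, as an added example (not part of the original report and not MongoDB or ASan source code). It assumes ASan's default x86-64 Linux mapping, shadow = (addr >> 3) + 0x7fff8000, and models only the one 50-byte heap region; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed mapping: ASan default on x86-64 Linux, one shadow byte per 8 bytes. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL
#define HEAP_REDZONE  0xfa            /* "Heap left redzone" in the legend */

/* Address of the shadow byte that describes application address addr. */
static uint64_t shadow_addr(uint64_t addr) {
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow value for addr's 8-byte granule, given one live heap region
 * [start, start+size) with start 8-byte aligned: 0x00 = all 8 bytes usable,
 * k in 1..7 = only the first k bytes usable, 0xfa = redzone. */
static uint8_t shadow_value(uint64_t start, uint64_t size, uint64_t addr) {
    uint64_t granule = addr & ~7ULL, end = start + size;
    if (granule < start || granule >= end) return HEAP_REDZONE;
    return (end - granule >= 8) ? 0x00 : (uint8_t)(end - granule);
}

/* ASan's test for a small access of n bytes: the shadow byte is nonzero and
 * the last byte touched lies at or beyond the addressable prefix. Redzone
 * values such as 0xfa are negative as int8_t, so they always fail. */
static int access_is_bad(uint8_t shadow, uint64_t addr, unsigned n) {
    if (shadow == 0) return 0;
    return (int)((addr & 7) + n - 1) >= (int8_t)shadow;
}

int main(void) {
    /* Values copied from the report above. */
    const uint64_t start = 0x60600000dd60ULL, size = 50, bad = 0x60600000dd92ULL;
    for (uint64_t a = bad - 1; a <= bad; a++) {
        uint8_t s = shadow_value(start, size, a);
        printf("addr 0x%llx shadow@0x%012llx=%02x -> %s\n",
               (unsigned long long)a, (unsigned long long)shadow_addr(a), s,
               access_is_bad(s, a, 1) ? "heap-buffer-overflow" : "ok");
    }
    return 0;
}
```

The six `00` bytes followed by `02` in the dump are the 50-byte allocation (6 * 8 + 2), and the bracketed `02` sits at shadow address 0x0c0c7fff9bb2, the granule that holds the faulting address.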