Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-16038

CanonicalQuery leaks in mr::MapReduceCommand::run(), mr::State::finalReduce(), newRunQuery()

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.8.0-rc1
    • Affects Version/s: None
    • Component/s: MapReduce
    • ALL

      A CanonicalQuery object can leak if the !db path on line 1353 is taken (i.e., before cq ownership has been transferred in getExecutor):

      1341   CanonicalQuery* cq;
1342   if (!CanonicalQuery::canonicalize(config.ns,
1343                                     config.filter,
1344                                     config.sort,
1345                                     BSONObj(),
1346                                     &cq,
1347                                     whereCallback).isOK()) {
1348       uasserted(17238, "Can't canonicalize query " + config.filter.toString());
1349       return 0;
1350   }
1351
1352   Database* db = dbHolder().get(txn, nss.db());
1353   if (!db) {
1354       errmsg = "ns doesn't exist";
1355       return false;
1356   }
1357
1358   PlanExecutor* rawExec;
1359   if (!getExecutor(txn,
1360                    state.getCollectionOrUassert(db, config.ns),
1361                    cq,
1362                    PlanExecutor::YIELD_AUTO,
1363                    &rawExec).isOK()) {
1364       uasserted(17239, "Can't get executor for query "
1365                        + config.filter.toString());
1366       return 0;
1367   }

      Valgrind output:

      ==11542== 732 (80 direct, 652 indirect) bytes in 2 blocks are definitely lost in loss record 5,896 of 6,057
==11542==    at 0x4C2B2C0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11542==    by 0x153ECC3: mongo::CanonicalQuery::canonicalize(std::string const&, mongo::BSONObj const&, mongo::BSONObj const&, mongo::BSONObj const&, long long, long long, mongo::BSONObj const&, mongo::BSONObj const&, mongo::BSONObj const&, bool, bool, mongo::CanonicalQuery**, mongo::MatchExpressionParser::WhereCallback const&) (canonical_query.cpp:522)
==11542==    by 0x153E62E: mongo::CanonicalQuery::canonicalize(std::string const&, mongo::BSONObj const&, mongo::BSONObj const&, mongo::BSONObj const&, long long, long long, mongo::BSONObj const&, mongo::CanonicalQuery**, mongo::MatchExpressionParser::WhereCallback const&) (canonical_query.cpp:415)
==11542==    by 0x153E565: mongo::CanonicalQuery::canonicalize(std::string const&, mongo::BSONObj const&, mongo::BSONObj const&, mongo::BSONObj const&, long long, long long, mongo::CanonicalQuery**, mongo::MatchExpressionParser::WhereCallback const&) (canonical_query.cpp:396)
==11542==    by 0x153E4EF: mongo::CanonicalQuery::canonicalize(std::string const&, mongo::BSONObj const&, mongo::BSONObj const&, mongo::BSONObj const&, mongo::CanonicalQuery**, mongo::MatchExpressionParser::WhereCallback const&) (canonical_query.cpp:382)
==11542==    by 0x12E4572: mongo::mr::MapReduceCommand::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&, bool) (mr.cpp:1347)
==11542==    by 0x134201A: mongo::_execCommand(mongo::OperationContext*, mongo::Command*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1160)
==11542==    by 0x1342FCF: mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, int, char const*, mongo::BSONObj&, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1374)
==11542==    by 0x13438DC: mongo::_runCommands(mongo::OperationContext*, char const*, mongo::BSONObj&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (dbcommands.cpp:1450)
==11542==    by 0x1560D48: mongo::runCommands(mongo::OperationContext*, char const*, mongo::BSONObj&, mongo::CurOp&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (new_find.cpp:131)
==11542==    by 0x15629D5: mongo::newRunQuery(mongo::OperationContext*, mongo::Message&, mongo::QueryMessage&, mongo::CurOp&, mongo::Message&, bool) (new_find.cpp:552)
==11542==    by 0x144E78A: mongo::receivedQuery(mongo::OperationContext*, mongo::Client&, mongo::DbResponse&, mongo::Message&, bool) (instance.cpp:220)
==11542==    by 0x144F8AD: mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&, bool) (instance.cpp:393)
==11542==    by 0x11567CB: mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*, mongo::LastError*) (db.cpp:185)
==11542==    by 0x190A91A: mongo::PortMessageServer::handleIncomingMsg(void*) (message_server_port.cpp:234)
==11542==    by 0x4E3F181: start_thread (pthread_create.c:312)
==11542==    by 0x5D7BFBC: clone (clone.S:111)

      Version: 18c94ba44d3

            Assignee:
            rassi J Rassi
            Reporter:
            kamran.khan Kamran K.
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: