SERVER-22705 (Core Server)

MMAPv1 BTree buckets depend on illegal-in-C++ flexible array members

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: MMAPv1, Storage Execution
      Steps to reproduce: Run btree_interface_test under UBSAN

      The flexible array member trick is not valid in C++; however, the MMAPv1 subsystem makes extensive use of it to define BTree buckets:

      https://github.com/mongodb/mongo/blob/9299908ecce87efded5f16980824490b8933678e/src/mongo/db/storage/mmap_v1/btree/btree_ondisk.h#L177

      This causes UBSAN to complain about access beyond the end of the array:

      src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:254:25: runtime error: index 8145 out of bounds for type 'char [4]'
          #0 0x6ab747 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::dataAt(mongo::BtreeBucketV1*, short) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:254:12
          #1 0x6ab747 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::pushBack(mongo::BtreeBucketV1*, mongo::DiskLoc, mongo::KeyV1 const&, mongo::DiskLoc) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:412
          #2 0x6aac42 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::Builder::addKey(mongo::BSONObj const&, mongo::DiskLoc const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:142:10
          #3 0x69274b in mongo::(anonymous namespace)::BtreeBuilderInterfaceImpl<mongo::BtreeLayoutV1>::addKey(mongo::BSONObj const&, mongo::RecordId const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_interface.cpp:54:16
          #4 0x709285 in mongo::UnitTest__SortedDataInterface__BuilderAddKey::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/sorted_data_interface_test_bulkbuilder.cpp:55:9
          #5 0x7cb778 in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:147:9
          #6 0x70fb73 in void mongo::unittest::Suite::runTestObject<mongo::UnitTest__SortedDataInterface__BuilderAddKey>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:405:9
          #7 0x7ccf0d in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:257:9
          #8 0x7ccf0d in mongo::unittest::Suite::run(std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:263
          #9 0x7ce3d7 in mongo::unittest::Suite::run(std::vector<std::string, std::allocator<std::string> > const&, std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:321:27
          #10 0x7d3957 in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:40:12
          #11 0x7f3328cb5a3f in __libc_start_main /build/buildd/glibc-2.21/csu/libc-start.c:289
          #12 0x623dd8 in _start (/home/andrew/Documents/10gen/dev/src/mongodb/build/optdebug/mongo/db/storage/mmap_v1/btree_interface_test+0x623dd8)
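The following is an added example, not MongoDB's code, that reproduces the pattern the report describes and one way to access the bucket's key region without it: a fixed-size page holds a small header followed by key bytes that run to the end of the page. The struct declares a token-sized trailing array (the "flexible array member trick"); indexing that array past its declared bound is what UBSAN reports above. The accessor below instead derives the address from the page's base pointer with plain pointer arithmetic and checks the offset against the real page size. The names BucketHeader, dataAt, putKey, getKey and the 8192-byte page size are assumptions of this example, not taken from the project.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <string>
#include <vector>

// Constructed example, not MongoDB's code: a page-sized bucket with a fixed
// header followed by a region of key bytes that runs to the end of the page.
constexpr std::size_t kBucketSize = 8192;  // assumed page size

struct BucketHeader {
    std::uint16_t n;          // number of keys in the bucket
    std::uint16_t emptySize;  // free bytes in the data region
    // The "flexible array member trick": declared with a token size, but the
    // surrounding code treats it as running to the end of the page. C++ has
    // no flexible array members, so an expression such as `data[8141]` is an
    // out-of-bounds index on a `char [4]`, which is exactly what UBSAN
    // reports ("index 8145 out of bounds for type 'char [4]'").
    char data[4];
};

constexpr std::size_t kDataOffset = offsetof(BucketHeader, data);
constexpr std::size_t kDataSize = kBucketSize - kDataOffset;

// Conforming accessor: compute the address from the bucket's base pointer
// over the page's char storage, so the declared `char [4]` is never indexed
// past its bound. The bound checked here is the real page size, which the
// array's declared type cannot express.
inline char* dataAt(BucketHeader* b, std::size_t ofs) {
    assert(ofs < kDataSize);
    return reinterpret_cast<char*>(b) + kDataOffset + ofs;
}

// Allocate a zeroed page and place an initialised header at its start.
inline BucketHeader* initBucket(std::vector<char>& page) {
    page.assign(kBucketSize, 0);
    BucketHeader* b = new (page.data()) BucketHeader{};
    b->n = 0;
    b->emptySize = static_cast<std::uint16_t>(kDataSize);
    return b;
}

// Copy a key into the data region at `ofs`; refuses keys that would not fit
// inside the page rather than writing past it.
inline bool putKey(BucketHeader* b, std::size_t ofs, const std::string& key) {
    if (ofs + key.size() > kDataSize) return false;
    std::memcpy(dataAt(b, ofs), key.data(), key.size());
    b->n++;
    return true;
}

// Read `len` bytes back from the data region at `ofs`.
inline std::string getKey(BucketHeader* b, std::size_t ofs, std::size_t len) {
    assert(ofs + len <= kDataSize);
    return std::string(dataAt(b, ofs), len);
}

// Round-trip a key stored far past the declared 4-byte array, at the byte
// offset (8145) that appears in the UBSAN report above.
inline std::string roundTrip() {
    std::vector<char> page;
    BucketHeader* b = initBucket(page);
    bool ok = putKey(b, 8145 - kDataOffset, "key");
    assert(ok);
    return getKey(b, 8145 - kDataOffset, 3);
}

int main() {
    return roundTrip() == "key" ? 0 : 1;
}
```

Building this with -fsanitize=undefined produces no report, because no array is ever subscripted beyond its declared size; the same round trip written as `b->data[8141]` is what triggers the diagnostic in the description.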
      

            Assignee: backlog-server-execution [DO NOT USE] Backlog - Storage Execution Team
            Reporter: andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Votes: 0
            Watchers: 6
