NetworkInterfaceAsio timers have UB signed integer overflow in chrono conversions

XMLWordPrintableJSON

    • Fully Compatible
    • ALL
    • Hide

      Run any NIA test under UBSAN

      Show
      Run any NIA test under UBSAN
    • Platforms 11 (03/11/16)
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The MalformedMessageTest (and others) reveals a signed integer overflow with ASIO timers:

      /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/chrono:176:38: runtime error: signed integer overflow: 9223370581106577305 * 1000000 cannot be represented in type 'long'
    #0 0x8128d4 in std::chrono::duration<long, std::ratio<1l, 1000000000l> > std::chrono::__duration_cast_impl<std::chrono::duration<long, std::ratio<1l, 1000000000l> >, std::ratio<1000000l, 1l>, long, false, true>::__cast<long, std::ratio<1l, 1000l> >(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/chrono:176:8
    #1 0x8128d4 in _ZNSt6chrono13duration_castINS_8durationIlSt5ratioILl1ELl1000000000EEEElS2_ILl1ELl1000EEEENSt9enable_ifIXsr13__is_durationIT_EE5valueES7_E4typeERKNS1_IT0_T1_EE /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/chrono:203
    #2 0x8128d4 in std::chrono::duration<long, std::ratio<1l, 1000000000l> >::duration<long, std::ratio<1l, 1000l>, void>(std::chrono::duration<long, std::ratio<1l, 1000l> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/chrono:271
    #3 0x8128d4 in mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0::operator()() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/executor/connection_pool_asio.cpp:60
    #4 0x8128d4 in void asio::asio_handler_invoke<mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0>(mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0&, ...) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/handler_invoke_hook.hpp:68
    #5 0x8128d4 in void asio_handler_invoke_helpers::invoke<mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0, mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0>(mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0&, mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/handler_invoke_helpers.hpp:37
    #6 0x812a5b in void asio::detail::handler_work<mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0, asio::system_executor>::complete<mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0>(mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0&, mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/handler_work.hpp:81:5
    #7 0x812a5b in asio::detail::completion_handler<mongo::executor::connection_pool_asio::ASIOTimer::setTimeout(std::chrono::duration<long, std::ratio<1l, 1000l> >, std::function<void ()>)::$_0>::do_complete(void*, asio::detail::scheduler_operation*, std::error_code const&, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/completion_handler.hpp:69
    #8 0x90f401 in asio::detail::scheduler_operation::complete(void*, std::error_code const&, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/scheduler_operation.hpp:39:5
    #9 0x90f401 in asio::detail::strand_service::do_complete(void*, asio::detail::scheduler_operation*, std::error_code const&, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/impl/strand_service.ipp:167
    #10 0x9082c6 in asio::detail::scheduler_operation::complete(void*, std::error_code const&, unsigned long) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/scheduler_operation.hpp:39:5
    #11 0x9082c6 in asio::detail::scheduler::do_run_one(asio::detail::scoped_lock<asio::detail::posix_mutex>&, asio::detail::scheduler_thread_info&, std::error_code const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/impl/scheduler.ipp:369
    #12 0x8ff784 in asio::detail::scheduler::run(std::error_code&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/detail/impl/scheduler.ipp:146:10
    #13 0x8ff66a in asio::io_service::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/asio-asio-1-11-0/asio/include/asio/impl/io_service.ipp:60:19
    #14 0x821168 in mongo::executor::NetworkInterfaceASIO::startup()::$_0::operator()() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/executor/network_interface_asio.cpp:116:17
    #15 0x821168 in void std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()>::_M_invoke<>(std::_Index_tuple<>) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/functional:1530
    #16 0x821168 in std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()>::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/functional:1520
    #17 0x821168 in std::thread::_Impl<std::_Bind_simple<mongo::executor::NetworkInterfaceASIO::startup()::$_0 ()> >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/5.2.1/../../../../include/c++/5.2.1/thread:115
    #18 0x7fccdbc7102f  (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb902f)
    #19 0x7fccdb9a16a9 in start_thread /build/buildd/glibc-2.21/nptl/pthread_create.c:333
    #20 0x7fccdb4bfeec in clone /build/buildd/glibc-2.21/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109

            Assignee:
            Mira Carey
            Reporter:
            Andrew Morrow (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: