Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-42987

If an abortTransaction command gets interrupted we may dereference a null pointer inside abortActiveUnpreparedOrStashPreparedTransaction

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.2.0, 4.3.1
    • Fix Version/s: 4.3.1
    • Component/s: Replication
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.2
    • Sprint:
      Repl 2019-08-26, Repl 2019-09-09, Repl 2019-09-23

      Description

      When we run a command via 'invokeWithSessionCheckedOut' we register an exit guard here which will fire if the command throws an uncaught exception. If we are running an 'abortTransaction' command on a session that currently has a prepared transaction, it is possible that the command gets interrupted. For example, if a concurrent killOp command has killed the operation. There is at least one interruption point within the 'abortTransaction' command where we try to log an abort oplog entry and then update the session entry. We try to acquire a lock there via AutoGetCollection. If the abort command throws after we have already cleaned up the OperationContext resources, then the WriteUnitOfWork on the opCtx will have been set to null. So, if we then try to stash our transaction resources inside 'TransactionParticipant::Participant::_stashActiveTransaction' when the exit guard fires, we may dereference the null WUOW.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              judah.schvimer Judah Schvimer
              Reporter:
              william.schultz William Schultz (Inactive)
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: