Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-42987

If an abortTransaction command gets interrupted we may dereference a null pointer inside abortActiveUnpreparedOrStashPreparedTransaction

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.3.1
    • Affects Version/s: 4.2.0, 4.3.1
    • Component/s: Replication
    • None
    • Fully Compatible
    • ALL
    • v4.2
    • Repl 2019-08-26, Repl 2019-09-09, Repl 2019-09-23

      When we run a command via 'invokeWithSessionCheckedOut' we register an exit guard here which will fire if the command throws an uncaught exception. If we are running an 'abortTransaction' command on a session that currently has a prepared transaction, it is possible that the command gets interrupted. For example, if a concurrent killOp command has killed the operation. There is at least one interruption point within the 'abortTransaction' command where we try to log an abort oplog entry and then update the session entry. We try to acquire a lock there via AutoGetCollection. If the abort command throws after we have already cleaned up the OperationContext resources, then the WriteUnitOfWork on the opCtx will have been set to null. So, if we then try to stash our transaction resources inside 'TransactionParticipant::Participant::_stashActiveTransaction' when the exit guard fires, we may dereference the null WUOW.

            Assignee:
            judah.schvimer@mongodb.com Judah Schvimer
            Reporter:
            william.schultz@mongodb.com Will Schultz
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: