There is a class of bug that results in using unowned BSON or RecordData objects, which reference memory owned by something else, and accessing that memory after it has been freed or overwritten. This has the potential to lead to undefined behavior and in-memory data corruption.
We should enable WT cursor copy debug mode with the configuration "debug_mode=(cursor_copy=true)" on the call to wiredtiger_open.
We should create a build variant or suite that does the following:
- Before freeing owned BSONObjs, overwrite the memory with garbage. This will blow up when an unowned BSONObj is used after the owned object has been freed.
- When returning data from a cursor, copy memory from WiredTiger into a managed buffer, and return that unowned buffer to the caller. When that cursor is invalidated in any way, from an advance, close, or reset, overwrite the buffer with garbage and free the memory immediately. This will blow up in cases where callers use data from cursors after repositioning or yielding. See an example implementation here.
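The cursor behaviour in the second item, as an added C++ example that is not MongoDB or WiredTiger code: `FakeEngineCursor`, `UnownedView`, `PoisoningCursor`, `isPoisoned` and the poison byte are hypothetical names. It poisons the managed buffer on advance and reset but, unlike the proposal, retains the buffer instead of freeing it, so a stale read returns garbage deterministically without needing a sanitizer.

```cpp
#include <algorithm>
#include <cstring>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a storage-engine cursor; this is not WiredTiger's API.
struct FakeEngineCursor {
    std::vector<std::string> rows;
    long pos = -1;
    bool next() { return ++pos < static_cast<long>(rows.size()); }
    void reset() { pos = -1; }
    const std::string& value() const { return rows[static_cast<std::size_t>(pos)]; }
};

// Hypothetical unowned view: pointer and length, no ownership of the bytes.
struct UnownedView { const char* data = nullptr; std::size_t size = 0; };

constexpr unsigned char kPoison = 0xDB;  // arbitrary garbage byte (assumption)

// Hands out views into a private copy and poisons that copy on every reposition.
class PoisoningCursor {
public:
    explicit PoisoningCursor(FakeEngineCursor cursor) : _cursor(std::move(cursor)) {}
    // The returned view is valid only until the next advance() or reset().
    UnownedView advance() {
        invalidate();
        if (!_cursor.next()) return {};
        const std::string& v = _cursor.value();
        _buf = std::make_unique<char[]>(v.size());
        std::memcpy(_buf.get(), v.data(), v.size());
        return _view = UnownedView{_buf.get(), v.size()};
    }
    void reset() { invalidate(); _cursor.reset(); }
private:
    void invalidate() {
        if (!_buf) return;
        std::memset(_buf.get(), kPoison, _view.size);
        _retired.push_back(std::move(_buf));  // proposal frees here; kept so stale reads stay defined
    }
    FakeEngineCursor _cursor;
    std::unique_ptr<char[]> _buf;
    UnownedView _view;
    std::vector<std::unique_ptr<char[]>> _retired;
};

bool isPoisoned(UnownedView v) {  // true when every byte of a non-empty view is garbage
    return v.size > 0 && std::all_of(v.data, v.data + v.size,
        [](char c) { return static_cast<unsigned char>(c) == kPoison; });
}
```

A caller that copies the bytes into an owned `std::string` before repositioning keeps valid data; a caller that holds the view across `advance()` sees only the poison byte.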