Core Server / SERVER-63256

ASAN error in js_test:benchrun_scram: AddressSanitizer: stack-use-after-scope on address

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.3.0
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Fully Compatible
    • ALL
    • Security 2022-02-07
    • 175

      [js_test:benchrun_scram] ==228685==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f61cf8fdc40 at pc 0x559e8d9ddf26 bp 0x7f61cf8fd700 sp 0x7f61cf8fceb0
      [js_test:benchrun_scram] READ of size 11 at 0x7f61cf8fdc40 thread T4 (js)

      [js_test:benchrun_scram] Address 0x7f61cf8fdc40 is located in stack of thread T4 (js) at offset 800 in frame
      [js_test:benchrun_scram]     #0 0x559e9340475f in mongo::DBClientBase::auth(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/client/dbclient_base.cpp:423
      [js_test:benchrun_scram] 
      [js_test:benchrun_scram]   This frame has 13 object(s):
      [js_test:benchrun_scram]     [32, 64) 'agg.tmp.i.i'
      [js_test:benchrun_scram]     [96, 216) 'user' (line 425)
      [js_test:benchrun_scram]     [256, 288) 'agg.tmp'
      [js_test:benchrun_scram]     [320, 352) 'agg.tmp2'
      [js_test:benchrun_scram]     [384, 440) 'agg.tmp3'
      [js_test:benchrun_scram]     [480, 528) 'mechResult' (line 427)
      [js_test:benchrun_scram]     [560, 608) 'ref.tmp' (line 428)
      [js_test:benchrun_scram]     [640, 672) 'agg.tmp7'
      [js_test:benchrun_scram]     [704, 744) 'agg.tmp10'
      [js_test:benchrun_scram]     [784, 816) 'ref.tmp20' (line 436) <== Memory access at offset 800 is inside this variable
      [js_test:benchrun_scram]     [848, 864) 'authParams' (line 439)
      [js_test:benchrun_scram]     [880, 896) 'agg.tmp51'
      [js_test:benchrun_scram]     [912, 928) 'agg.tmp53'
      [js_test:benchrun_scram] HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      [js_test:benchrun_scram]       (longjmp and C++ exceptions *are* supported)
      [js_test:benchrun_scram] Thread T4 (js) created by T0 here:
      [js_test:benchrun_scram]     #0 0x559e8d9c778d in __interceptor_pthread_create /data/mci/bf9fe9fe7099cc84c75c9ab85373ed19/toolchain-builder/tmp/build-llvm.sh-nzs/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
      [js_test:benchrun_scram]     #1 0x559e94ca24b4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/data/mci/f3ec9c4407665c95a8ffc620c95f904b/src/dist-test/bin/mongo+0xb5aa4b4)
      [js_test:benchrun_scram]     #2 0x559e908cb8bd in mongo::stdx::thread::thread<void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*, 0>(void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*&&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/stdx/thread.h:178:11
      [js_test:benchrun_scram]     #3 0x559e908cb8bd in mongo::mozjs::MozJSProxyScope::MozJSProxyScope(mongo::mozjs::MozJSScriptEngine*) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/proxyscope.cpp:54
      [js_test:benchrun_scram]     #4 0x559e907a9931 in mongo::mozjs::MozJSScriptEngine::createScope() /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/engine.cpp:77:16
      [js_test:benchrun_scram]     #5 0x559e8da1901b in mongo::mongo_main(int, char**) /data/mci/b5d83040faceee99dbd7631e71e51dfb/src/src/mongo/shell/mongo_main.cpp:845:77
      [js_test:benchrun_scram]     #6 0x559e8da10fea in main /data/mci/58d7e0dc2cbc0924f9cdaeb88eafc3da/src/src/mongo/shell/mongo.cpp:42:22
      

Assignee: Adam Rayner (adam.rayner@mongodb.com)
Reporter: Adam Rayner (adam.rayner@mongodb.com)
Votes: 0
Watchers: 3
