Type: Bug
Resolution: Fixed
Priority: Major - P3
Affects Version/s: None
Component/s: None
Fully Compatible
ALL
Security 2022-02-07
175
3

[js_test:benchrun_scram] ==228685==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f61cf8fdc40 at pc 0x559e8d9ddf26 bp 0x7f61cf8fd700 sp 0x7f61cf8fceb0
[js_test:benchrun_scram] READ of size 11 at 0x7f61cf8fdc40 thread T4 (js)
[js_test:benchrun_scram] Address 0x7f61cf8fdc40 is located in stack of thread T4 (js) at offset 800 in frame
[js_test:benchrun_scram]     #0 0x559e9340475f in mongo::DBClientBase::auth(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/client/dbclient_base.cpp:423
[js_test:benchrun_scram]
[js_test:benchrun_scram]   This frame has 13 object(s):
[js_test:benchrun_scram]     [32, 64) 'agg.tmp.i.i'
[js_test:benchrun_scram]     [96, 216) 'user' (line 425)
[js_test:benchrun_scram]     [256, 288) 'agg.tmp'
[js_test:benchrun_scram]     [320, 352) 'agg.tmp2'
[js_test:benchrun_scram]     [384, 440) 'agg.tmp3'
[js_test:benchrun_scram]     [480, 528) 'mechResult' (line 427)
[js_test:benchrun_scram]     [560, 608) 'ref.tmp' (line 428)
[js_test:benchrun_scram]     [640, 672) 'agg.tmp7'
[js_test:benchrun_scram]     [704, 744) 'agg.tmp10'
[js_test:benchrun_scram]     [784, 816) 'ref.tmp20' (line 436) <== Memory access at offset 800 is inside this variable
[js_test:benchrun_scram]     [848, 864) 'authParams' (line 439)
[js_test:benchrun_scram]     [880, 896) 'agg.tmp51'
[js_test:benchrun_scram]     [912, 928) 'agg.tmp53'
[js_test:benchrun_scram] HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
[js_test:benchrun_scram]       (longjmp and C++ exceptions *are* supported)
[js_test:benchrun_scram] Thread T4 (js) created by T0 here:
[js_test:benchrun_scram]     #0 0x559e8d9c778d in __interceptor_pthread_create /data/mci/bf9fe9fe7099cc84c75c9ab85373ed19/toolchain-builder/tmp/build-llvm.sh-nzs/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
[js_test:benchrun_scram]     #1 0x559e94ca24b4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/data/mci/f3ec9c4407665c95a8ffc620c95f904b/src/dist-test/bin/mongo+0xb5aa4b4)
[js_test:benchrun_scram]     #2 0x559e908cb8bd in mongo::stdx::thread::thread<void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*, 0>(void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*&&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/stdx/thread.h:178:11
[js_test:benchrun_scram]     #3 0x559e908cb8bd in mongo::mozjs::MozJSProxyScope::MozJSProxyScope(mongo::mozjs::MozJSScriptEngine*) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/proxyscope.cpp:54
[js_test:benchrun_scram]     #4 0x559e907a9931 in mongo::mozjs::MozJSScriptEngine::createScope() /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/engine.cpp:77:16
[js_test:benchrun_scram]     #5 0x559e8da1901b in mongo::mongo_main(int, char**) /data/mci/b5d83040faceee99dbd7631e71e51dfb/src/src/mongo/shell/mongo_main.cpp:845:77
[js_test:benchrun_scram]     #6 0x559e8da10fea in main /data/mci/58d7e0dc2cbc0924f9cdaeb88eafc3da/src/src/mongo/shell/mongo.cpp:42:22