-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Major - P3
-
None
-
Affects Version/s: 2.0.6
-
Component/s: Networking
-
Labels:None
-
ALL
ReplicaSetMonitor::_check() holds a reference to probablePrimaryIdx across multiple _locks. This could easily be modified between lock acquisitions, yet _master is conditionally set to this index. If ReplicaSetMonitor::check() calls ReplicaSetMonitor::_check() with checkAllSecondaries set to false, a subsequent call to ReplicaSetMonitor::check() could reference a node that's past the bounds of the _nodes vector.
I believe this could cause a segfault in ReplicaSetMonitor::check() as there is no upper bound check on the index of _master:
// first see if the current master is fine
if ( _master >= 0 ) {
masterConn = _nodes[_master].conn;
}
- is related to
-
-
- Closed
-
-
-
- Closed
-