  1. Core Server
  2. SERVER-68234

Enforce fillLockerInfo() resource type index bounds

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 6.2.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible
    • ALL
    • Execution Team 2022-09-19

      Illegal address computation

      If this address is later used for bounds checking another pointer before dereferencing, an overrun may occur due to the weak guard. An illegal address is computed, which either precedes a buffer or is more than just-past its end.
      /src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Checking "lockType == mongo::RESOURCE_GLOBAL" implies that "lockType" is 1 on the true branch.
      /src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Assigning: "index" = "(lockType == mongo::RESOURCE_GLOBAL) ? lock.resourceId.getHashId() : (4 + lockType - 1)". The value of "index" may now be up to 2305843009213693951.
      /src/mongo/db/stats/fill_locker_info.cpp:54: OVERRUN 123188 "modeForType[index]" evaluates to an address that is at byte offset 9223372036854775804 of an array of 36 bytes.

            Assignee:
            haley.connelly@mongodb.com Haley Connelly
            Reporter:
            xgen-internal-coverity Coverity Collector User
            Votes:
            0
            Watchers:
            4