Fix heap-use-after-free error caused by runAggregate() helper for analyzeShardKey command


    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 6.2.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • Sharding 2022-10-03
    • 170

      Currently, the BSONObjIterator is created with an unowned BSONObj and that is causing a heap-use-after-free error.

      [js_test:monotonicity_hashed_sharding_compound] d20043| ==86122==ERROR: AddressSanitizer: heap-use-after-free on address 0x616001b387a4 at pc 0x5630a5f30e26 bp 0x7f5fd9160250 sp 0x7f5fd9160248
      [js_test:monotonicity_hashed_sharding_compound] d20043| READ of size 4 at 0x616001b387a4 thread T115 (conn32)
      [js_test:monotonicity_hashed_sharding_compound] d20043| 2022-09-21T09:21:52.657+00:00 I  NETWORK  22943   [listener] "Connection accepted","attr":{"remote":"10.128.130.226:49654","uuid":{"uuid":{"$uuid":"af6c2e7f-90ec-4e1b-8cdc-46aeda81831a"}},"connectionId":42,"connectionCount":18}
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #0 0x5630a5f30e25 in mongo::DataType::Handler<int, void>::unsafeLoad(int*, char const*, unsigned long*) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_type.h:70:17
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #1 0x5630a5f30e25 in void mongo::DataType::unsafeLoad<int>(int*, char const*, unsigned long*) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_type.h:153:9
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #2 0x5630a5f30e25 in mongo::DataType::Handler<mongo::LittleEndian<int>, void>::unsafeLoad(mongo::LittleEndian<int>*, char const*, unsigned long*) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_type_endian.h:90:13
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #3 0x5630a5f30e25 in void mongo::DataType::unsafeLoad<mongo::LittleEndian<int> >(mongo::LittleEndian<int>*, char const*, unsigned long*) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_type.h:153:9
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #4 0x5630a5f30e25 in mongo::ConstDataView const& mongo::ConstDataView::readInto<mongo::LittleEndian<int> >(mongo::LittleEndian<int>*, long) const /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_view.h:53:9
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #5 0x5630a5f30e25 in mongo::LittleEndian<int> mongo::ConstDataView::read<mongo::LittleEndian<int> >(long) const /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/base/data_view.h:62:9
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #6 0x5630a5f30e25 in mongo::BSONObj::objsize() const /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/bson/bsonobj.h:470:41
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #7 0x5630a5f30e25 in mongo::BSONObjIterator::BSONObjIterator(mongo::BSONObj const&) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/bson/bsonobj.h:826:22
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #8 0x5630a5f30e25 in mongo::analyze_shard_key::(anonymous namespace)::runAggregate(mongo::OperationContext*, mongo::NamespaceString const&, mongo::AggregateCommandRequest, std::function<void (mongo::BSONObj const&)>)::$_0::operator()() const /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/db/s/analyze_shard_key_cmd_util.cpp:176:37
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #9 0x5630a5f30e25 in auto mongo::shardVersionRetry<mongo::analyze_shard_key::(anonymous namespace)::runAggregate(mongo::OperationContext*, mongo::NamespaceString const&, mongo::AggregateCommandRequest, std::function<void (mongo::BSONObj const&)>)::$_0>(mongo::OperationContext*, mongo::CatalogCache*, mongo::NamespaceString, mongo::StringData, mongo::analyze_shard_key::(anonymous namespace)::runAggregate(mongo::OperationContext*, mongo::NamespaceString const&, mongo::AggregateCommandRequest, std::function<void (mongo::BSONObj const&)>)::$_0&&) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/s/stale_shard_version_helpers.h:83:20
      [js_test:monotonicity_hashed_sharding_compound] d20043|     #10 0x5630a5f30e25 in mongo::analyze_shard_key::(anonymous namespace)::runAggregate(mongo::OperationContext*, mongo::NamespaceString const&, mongo::AggregateCommandRequest, std::function<void (mongo::BSONObj const&)>) /data/mci/3b2111edb7e9a2a33f5983b9a3c9d279/src/src/mongo/db/s/analyze_shard_key_cmd_util.cpp:165:17
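
The ownership problem described above, reduced to an added C++ example that is not MongoDB's code or the fix made for this ticket. `Doc`, `Reply` and `fetchOwned` are hypothetical stand-ins; `isOwned()`/`getOwned()` model the owned/unowned distinction the description refers to.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for a BSON-style object: a pointer to bytes whose first
// 4 bytes hold the total size (the field objsize() reads in the trace above).
class Doc {
public:
    explicit Doc(const char* data) : _data(data) {}  // unowned: only borrows the bytes
    bool isOwned() const { return static_cast<bool>(_owner); }
    int32_t size() const { int32_t n; std::memcpy(&n, _data, sizeof n); return n; }
    // Copy the bytes into a buffer that this object keeps alive itself.
    Doc getOwned() const {
        if (_owner) return *this;
        auto buf = std::make_shared<std::vector<char>>(_data, _data + size());
        Doc owned(buf->data());
        owned._owner = std::move(buf);
        return owned;
    }
private:
    const char* _data;
    std::shared_ptr<std::vector<char>> _owner;
};

// Constructed stand-in for a reply whose heap buffer is freed with the reply.
struct Reply {
    std::vector<char> buf;
    explicit Reply(int32_t payloadBytes) : buf(4 + payloadBytes, 'x') {
        int32_t n = static_cast<int32_t>(buf.size());
        std::memcpy(buf.data(), &n, sizeof n);
    }
    Doc view() const { return Doc(buf.data()); }  // unowned view into buf
};

// Unsafe shape (not executed here): `Doc d = Reply(16).view(); d.size();`
// The temporary Reply is destroyed first, so size() reads freed heap memory.
// Safe shape: take ownership while the reply's buffer is still alive.
Doc fetchOwned(int32_t payloadBytes) {
    Reply reply(payloadBytes);
    return reply.view().getOwned();
}

int main() {
    Doc d = fetchOwned(16);
    std::printf("owned=%d size=%d\n", d.isOwned(), d.size());
}
```

Compiling the unsafe shape with `-fsanitize=address` yields a heap-use-after-free report of the same kind as the one above, with the faulting read in the size-prefix load.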
      

       

            Assignee:
            Cheahuychou Mao
            Reporter:
            Cheahuychou Mao