Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-7615

FieldParser::extract(...BSONField<BSONObj>&...) does not copy unowned (maybe temp) memory

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 2.3.1
    • Internal Code
    • None
    • All, but most visible in debug builds (especially Windows)
    • Fully Compatible
    • ALL

    Description

      The FieldParser::extract() routine for BSONObj creates a BSONObj from an embedded field in a source document and sets its output parameter to this BSONObj. If the source document goes away, the resulting BSONObj becomes invalid; it points to freed or reused memory.

      This routine should probably call getOwned() on the object before returning it so that the extracted field has its own copy of the data.

      For example:
      http://buildlogs.mongodb.org/Windows%2064-bit%20DEBUG/builds/312/test/core/type_collection_test.exe

      Sat Nov 10 01:09:55.861 [UNKNOWN] going to run suite: Compatibility
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] 	 going to run test: OldLastmod
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] DEV WARNING appendDate() called with a tiny (but nonzero) date
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] 	 going to run test: OldEpoch
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] 	 going to run test: OldDroppedTrue
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] 	 going to run test: OldDroppedFalse
      		 
      Sat Nov 10 01:09:55.861 [UNKNOWN] Assertion: 10320:BSONElement: bad type -35
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\stacktrace.cpp(161)                               mongo::printStackTrace+0x5b
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\log.cpp(436)                                      mongo::logContext+0x72
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\assert_util.cpp(154)                              mongo::msgasserted+0x171
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bson-inl.h(661)                                   mongo::BSONElement::size+0x239
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bsonobjiterator.h(81)                             mongo::BSONObjIterator::next+0x83
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bson-inl.h(200)                                   mongo::BSONObj::equal+0x7a
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bsonobj.h(401)                                    mongo::BSONObj::operator==+0x32
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.h(361)                               mongo::unittest::ComparisonAssertion::assertEqual<mongo::BSONObj,mongo::BSONObj>+0x61
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\s\type_collection_test.cpp(108)                        `anonymous namespace'::UnitTest__Compatibility__OldDroppedFalse::_doTest+0x5fe
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(87)                              mongo::unittest::Test::run+0x48
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.h(276)                               mongo::unittest::Suite::runTestObject<`anonymous namespace'::UnitTest__Compatibility__OldDroppedFalse>+0x33
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\third_party\boost\boost\function\function_template.hpp(113)  boost::detail::function::void_function_invoker0<void (__cdecl*)(void),void>::invoke+0x2f
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\third_party\boost\boost\function\function_template.hpp(761)  boost::function0<void>::operator()+0x87
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.h(174)                               mongo::unittest::TestHolder::run+0x2f
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(143)                             mongo::unittest::Suite::run+0x6c8
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(207)                             mongo::unittest::Suite::run+0x497
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest_main.cpp(26)                         main+0xb2
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c(278)              __tmainCRTStartup+0xe2
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] type_collection_test.exe  f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c(189)              mainCRTStartup+0xe
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] kernel32.dll                                                                                   BaseThreadInitThunk+0xd
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] FAIL: OldDroppedFalse	 std::exception: BSONElement: bad type -35 in test OldDroppedFalse
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] 	 DONE running tests
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] going to run suite: Validity
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] 	 going to run test: Empty
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] 	 going to run test: ShardedCollection
      		 
      Sat Nov 10 01:09:56.017 [UNKNOWN] Assertion: 10320:BSONElement: bad type -35
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\stacktrace.cpp(161)                               mongo::printStackTrace+0x5b
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\log.cpp(436)                                      mongo::logContext+0x72
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\util\assert_util.cpp(154)                              mongo::msgasserted+0x171
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bson-inl.h(661)                                   mongo::BSONElement::size+0x239
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bsonobjiterator.h(81)                             mongo::BSONObjIterator::next+0x83
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\bson\bson-inl.h(814)                                   mongo::BSONObj::nFields+0x5e
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\s\type_collection.cpp(66)                              mongo::CollectionType::isValid+0x331
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\s\type_collection_test.cpp(38)                         `anonymous namespace'::UnitTest__Validity__ShardedCollection::_doTest+0x325
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(87)                              mongo::unittest::Test::run+0x48
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.h(276)                               mongo::unittest::Suite::runTestObject<`anonymous namespace'::UnitTest__Validity__ShardedCollection>+0x33
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\third_party\boost\boost\function\function_template.hpp(113)  boost::detail::function::void_function_invoker0<void (__cdecl*)(void),void>::invoke+0x2f
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\third_party\boost\boost\function\function_template.hpp(761)  boost::function0<void>::operator()+0x87
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.h(174)                               mongo::unittest::TestHolder::run+0x2f
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(143)                             mongo::unittest::Suite::run+0x6c8
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest.cpp(207)                             mongo::unittest::Suite::run+0x497
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  ...\src\mongo\unittest\unittest_main.cpp(26)                         main+0xb2
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c(278)              __tmainCRTStartup+0xe2
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] type_collection_test.exe  f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c(189)              mainCRTStartup+0xe
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] kernel32.dll                                                                                   BaseThreadInitThunk+0xd
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] FAIL: ShardedCollection	 std::exception: BSONElement: bad type -35 in test ShardedCollection
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] 	 going to run test: UnshardedCollection
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] 	 going to run test: MixingOptionals
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] 	 DONE running tests
      		 
      Sat Nov 10 01:09:56.173 [UNKNOWN] **************************************************

      Another example:
      http://buildlogs.mongodb.org/Linux%2064-bit%20DEBUG/builds/1585/test/core/type_collection_test

      Fri Nov  9 20:36:41.849 [UNKNOWN] going to run suite: Compatibility
      		 
      Fri Nov  9 20:36:41.849 [UNKNOWN] 	 going to run test: OldLastmod
      		 
      Fri Nov  9 20:36:41.850 [UNKNOWN] DEV WARNING appendDate() called with a tiny (but nonzero) date
      		 
      Fri Nov  9 20:36:41.850 [UNKNOWN] 	 going to run test: OldEpoch
      		 
      Fri Nov  9 20:36:41.850 [UNKNOWN] 	 going to run test: OldDroppedTrue
      		 
      Fri Nov  9 20:36:41.850 [UNKNOWN] 	 going to run test: OldDroppedFalse
      		 
      Fri Nov  9 20:36:41.850 [UNKNOWN]   Assertion failure _pos <= _theend src/mongo/db/../bson/bsonobjiterator.h 79
      		 
      0x60e5db 0x60708b 0x60172a 0x58e03e 0x58ea3a 0x58cdf7 0x591c9e 0x589515 0x5fb8a1 0x58b0f4 0x5935a2 0x5fdbd1 0x5fd788 0x5fc23b 0x5fc9b5 0x600ede 0x7fe9e5724d8e 0x585b99 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo15printStackTraceERSo+0x27) [0x60e5db]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo10logContextEPKc+0x5e) [0x60708b]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo12verifyFailedEPKcS1_j+0x124) [0x60172a]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo15BSONObjIterator4nextEv+0x42) [0x58e03e]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZNK5mongo7BSONObj5equalERKS0_+0x5a) [0x58ea3a]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZNK5mongo7BSONObjeqERKS0_+0x23) [0x58cdf7]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo8unittest19ComparisonAssertion11assertEqualINS_7BSONObjES3_EEvRKT_RKT0_+0x2a) [0x591c9e]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test() [0x589515]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo8unittest4Test3runEv+0x3d) [0x5fb8a1]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test() [0x58b0f4]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5boost6detail8function22void_function_invoker0IPFvvEvE6invokeERNS1_15function_bufferE+0x1d) [0x5935a2]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZNK5boost9function0IvEclEv+0x73) [0x5fdbd1]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZNK5mongo8unittest10TestHolder3runEv+0x1c) [0x5fd788]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo8unittest5Suite3runERKSsi+0x499) [0x5fc23b]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(_ZN5mongo8unittest5Suite3runERKSt6vectorISsSaISsEERKSsi+0x2e7) [0x5fc9b5]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test(main+0x72) [0x600ede]
      		 
       /lib/libc.so.6(__libc_start_main+0xfe) [0x7fe9e5724d8e]
      		 
       /home/yellow/buildslave/Linux_64bit_DEBUG/mongo/build/linux2/dd/mongo/s/type_collection_test() [0x585b99]
      		 
      Fri Nov  9 20:36:41.853 [UNKNOWN] 
       
      		 
      ***aborting after verify() failure as this is a debug/test build

      Attachments

        Activity

          People

            alerner Alberto Lerner
            tad Tad Marshall
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: