[SERVER-9051] v8 heap allocation failure can lead to segfault - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical - P2
Resolution: Gone away
Affects Version/s: 2.4.0
Fix Version/s: None
Component/s: JavaScript
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL

Description

The following functions may attempt to dereference an empty handle when v8 heap space is nearly depleted:

namedGet()
namedGetRO()
indexedGet()
indexedGetRO()
nativeCallback()

This is because mongoToV8Element() does not check for allocation success nor OOM when creating a new JS object.

Attachments

Issue Links

is duplicated by

SERVER-9117 Mongo segfault on mapreduce - repeatable every time

Closed

is related to

SERVER-9291 V8Scope::invoke shouldn't silently ignore arguments after the 24th

Closed

related to

SERVER-9213 Resource constraints cause premature OOM and segfault

Closed

SERVER-9267 Issues with readonly BSON in v8

Closed

SERVER-9185 Add GC Prologue and Epilogue heap stats

Closed

SERVER-9187 Reduce memory requirements from v8 interceptors

Closed

(1 related to)

Activity

People

Assignee:: Unassigned

Reporter:: Ben Becker

Participants:: Andy Schwerin, Ben Becker, Francois Rigault, Jason Carey

Votes:: 1 Vote for this issue

Watchers:: 13 Start watching this issue

Dates

Created:: Mar 21 2013 02:21:44 PM UTC

Updated:: Apr 14 2016 03:19:27 PM UTC

Resolved:: Sep 24 2015 05:50:36 PM UTC