nullptr is passed for parameters marked with attribute non-null

XMLWordPrintableJSON

    • None
    • None

      The undefined behavior sanitizer in newer clang validates that nullptr is not passed as an argument to a function parameter marked with the nonnull attribute.

      There are some places in WiredTiger that appear to do this. As a workaround, the fix for SERVER-23826 will add the flag -fno-sanitize=nonnull-attribute when building the WiredTiger subtree.

      But the underlying issue should be fixed. Here is one example where nullptr is being passed to memmove:

      [MongoDFixture:job10] src/third_party/wiredtiger/src/include/buf.i:79:10: runtime error: null pointer passed as argument 1, which is declared to never be null
[MongoDFixture:job10] /usr/include/string.h:47:14: note: nonnull attribute specified here
[MongoDFixture:job10]     #0 0x2276648 in __curstat_get_value (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x2276648)
[MongoDFixture:job10]     #1 0x1779e18 in mongo::WiredTigerUtil::getStatisticsValue(__wt_session*, std::string const&, std::string const&, int) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x1779e18)
[MongoDFixture:job10]     #2 0x173688c in mongo::StatusWith<long> mongo::WiredTigerUtil::getStatisticsValueAs<long>(__wt_session*, std::string const&, std::string const&, int, long) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x173688c)
[MongoDFixture:job10]     #3 0x174d3a7 in mongo::WiredTigerRecordStore::storageSize(mongo::OperationContext*, mongo::BSONObjBuilder*, int) const (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x174d3a7)
[MongoDFixture:job10]     #4 0xf11c90 in mongo::CollectionStats::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf11c90)
[MongoDFixture:job10]     #5 0xf08e24 in mongo::Command::run(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf08e24)
[MongoDFixture:job10]     #6 0xf0644f in mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf0644f)
[MongoDFixture:job10]     #7 0x15c3bd8 in mongo::runCommands(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x15c3bd8)
[MongoDFixture:job10]     #8 0x10acb5f in mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x10acb5f)
[MongoDFixture:job10]     #9 0xc2f0de in mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xc2f0de)
[MongoDFixture:job10]     #10 0x19b9c4b in mongo::PortMessageServer::handleIncomingMsg(void*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x19b9c4b)
[MongoDFixture:job10]     #11 0x7fe08c68c6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
[MongoDFixture:job10]     #12 0x7fe08c1acb5c in clone /build/glibc-GKVZIf/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[MongoDFixture:job10]

      To reproduce these issues build the server with undefined behavior sanitizer (--sanitize=undefined), after commenting out the addition of -fno-sanitize=nonnull-attribute in the top level MongoDB SConstruct file, and then run the "core" JS test suite with resmoke.

            Assignee:
            Keith Bostic (Inactive)
            Reporter:
            Andrew Morrow (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: