Details
Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Description
The undefined behavior sanitizer in newer clang validates that nullptr is not passed as an argument to a function parameter marked with the nonnull attribute.
There are some places in WiredTiger that appear to do this. As a workaround, the fix for SERVER-23826 will add the flag -fno-sanitize=nonnull-attribute when building the WiredTiger subtree.
But the underlying issue should be fixed. Here is one example where nullptr is being passed to memmove:
[MongoDFixture:job10] src/third_party/wiredtiger/src/include/buf.i:79:10: runtime error: null pointer passed as argument 1, which is declared to never be null
[MongoDFixture:job10] /usr/include/string.h:47:14: note: nonnull attribute specified here
[MongoDFixture:job10] #0 0x2276648 in __curstat_get_value (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x2276648)
[MongoDFixture:job10] #1 0x1779e18 in mongo::WiredTigerUtil::getStatisticsValue(__wt_session*, std::string const&, std::string const&, int) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x1779e18)
[MongoDFixture:job10] #2 0x173688c in mongo::StatusWith<long> mongo::WiredTigerUtil::getStatisticsValueAs<long>(__wt_session*, std::string const&, std::string const&, int, long) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x173688c)
[MongoDFixture:job10] #3 0x174d3a7 in mongo::WiredTigerRecordStore::storageSize(mongo::OperationContext*, mongo::BSONObjBuilder*, int) const (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x174d3a7)
[MongoDFixture:job10] #4 0xf11c90 in mongo::CollectionStats::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf11c90)
[MongoDFixture:job10] #5 0xf08e24 in mongo::Command::run(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf08e24)
[MongoDFixture:job10] #6 0xf0644f in mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf0644f)
[MongoDFixture:job10] #7 0x15c3bd8 in mongo::runCommands(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x15c3bd8)
[MongoDFixture:job10] #8 0x10acb5f in mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x10acb5f)
[MongoDFixture:job10] #9 0xc2f0de in mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xc2f0de)
[MongoDFixture:job10] #10 0x19b9c4b in mongo::PortMessageServer::handleIncomingMsg(void*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x19b9c4b)
[MongoDFixture:job10] #11 0x7fe08c68c6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
[MongoDFixture:job10] #12 0x7fe08c1acb5c in clone /build/glibc-GKVZIf/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
To reproduce these issues build the server with undefined behavior sanitizer (--sanitize=undefined), after commenting out the addition of -fno-sanitize=nonnull-attribute in the top level MongoDB SConstruct file, and then run the "core" JS test suite with resmoke.
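The pattern behind a report like the one above, as an added example that is not WiredTiger's code: a growable buffer whose backing store is still NULL receives a zero-length copy, and the copy is forwarded to memmove unconditionally. The struct and the buf_set, buf_set_unguarded and safe_memmove functions are hypothetical stand-ins for whatever the real buffer code does; what is not hypothetical is that glibc's string.h declares memmove nonnull(1,2) (the "note: nonnull attribute specified here" in the log) and that C11 7.1.4 makes a null pointer argument undefined even when the length is zero. Compiled with clang -fsanitize=undefined (or only -fsanitize=nonnull-attribute), a zero-length write to a fresh buffer through the unguarded function produces the same "null pointer passed as argument 1" diagnostic; the guarded function never reaches memmove in that case.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a growable buffer whose storage is NULL until the
 * first non-empty write. Hypothetical; not WiredTiger's WT_ITEM code. */
struct buf {
    char  *mem;      /* NULL until something is allocated */
    size_t memsize;  /* bytes allocated at mem */
    size_t size;     /* bytes in use */
};

/* Unguarded copy, showing the reported pattern: on a fresh buffer with
 * size == 0 nothing is allocated and memmove receives NULL as its first
 * argument. glibc declares memmove nonnull(1,2), so clang's
 * nonnull-attribute check reports it at runtime; C11 7.1.4 makes it
 * undefined behavior regardless of the zero length. */
static int buf_set_unguarded(struct buf *b, const void *data, size_t size)
{
    if (size > b->memsize) {
        char *p = realloc(b->mem, size);
        if (p == NULL)
            return -1;
        b->mem = p;
        b->memsize = size;
    }
    memmove(b->mem, data, size);   /* b->mem may still be NULL here */
    b->size = size;
    return 0;
}

/* Hardened form: a wrapper that skips memmove entirely for zero-length
 * copies, so neither a NULL destination nor a NULL source is ever passed
 * to a parameter declared nonnull. */
static void *safe_memmove(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return dst;
    return memmove(dst, src, n);
}

/* Same buffer logic as above, but every copy goes through safe_memmove.
 * Returns 0 on success, -1 on allocation failure. */
static int buf_set(struct buf *b, const void *data, size_t size)
{
    if (size > b->memsize) {
        char *p = realloc(b->mem, size);
        if (p == NULL)
            return -1;
        b->mem = p;
        b->memsize = size;
    }
    safe_memmove(b->mem, data, size);   /* fine even when b->mem == NULL */
    b->size = size;
    return 0;
}

/* Exercise the hardened path: empty write on a fresh buffer (storage stays
 * NULL, no memmove call), then real data, then back to empty. Returns 1 if
 * every step behaved as expected, 0 otherwise. */
static int buf_set_demo(void)
{
    struct buf b = {0};
    int ok = buf_set(&b, "", 0) == 0 && b.mem == NULL && b.size == 0;
    ok = ok && buf_set(&b, "abc", 3) == 0 && b.size == 3
            && memcmp(b.mem, "abc", 3) == 0;
    ok = ok && buf_set(&b, "", 0) == 0 && b.size == 0 && b.mem != NULL;
    free(b.mem);
    return ok;
}

int main(void)
{
    struct buf u = {0};
    /* The unguarded version is only a problem for the zero-length case on a
     * fresh buffer; a non-empty write allocates first and is well defined. */
    int unguarded_ok = buf_set_unguarded(&u, "x", 1) == 0 && u.size == 1;
    free(u.mem);
    printf("unguarded non-empty write: %s\n", unguarded_ok ? "ok" : "FAILED");
    printf("hardened buf_set demo:     %s\n", buf_set_demo() ? "ok" : "FAILED");
    return (unguarded_ok && buf_set_demo()) ? 0 : 1;
}
```

The -fno-sanitize=nonnull-attribute workaround only silences the diagnostic; the guard in safe_memmove is what removes the undefined behavior, and it costs one branch on a path where a zero-length copy would have done no work anyway.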
Issue Links
related to: SERVER-26058 Re-enable null parameter checks in UBSAN (Closed)