WiredTiger / WT-2631

nullptr is passed for parameters marked with attribute non-null

      The undefined behavior sanitizer in newer clang validates that nullptr is not passed as an argument to a function parameter marked with the nonnull attribute.

      There are some places in WiredTiger that appear to do this. As a workaround, the fix for SERVER-23826 will add the flag -fno-sanitize=nonnull-attribute when building the WiredTiger subtree.

      But the underlying issue should be fixed. Here is one example where nullptr is being passed to memmove:

      [MongoDFixture:job10] src/third_party/wiredtiger/src/include/buf.i:79:10: runtime error: null pointer passed as argument 1, which is declared to never be null
      [MongoDFixture:job10] /usr/include/string.h:47:14: note: nonnull attribute specified here
      [MongoDFixture:job10]     #0 0x2276648 in __curstat_get_value (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x2276648)
      [MongoDFixture:job10]     #1 0x1779e18 in mongo::WiredTigerUtil::getStatisticsValue(__wt_session*, std::string const&, std::string const&, int) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x1779e18)
      [MongoDFixture:job10]     #2 0x173688c in mongo::StatusWith<long> mongo::WiredTigerUtil::getStatisticsValueAs<long>(__wt_session*, std::string const&, std::string const&, int, long) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x173688c)
      [MongoDFixture:job10]     #3 0x174d3a7 in mongo::WiredTigerRecordStore::storageSize(mongo::OperationContext*, mongo::BSONObjBuilder*, int) const (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x174d3a7)
      [MongoDFixture:job10]     #4 0xf11c90 in mongo::CollectionStats::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf11c90)
      [MongoDFixture:job10]     #5 0xf08e24 in mongo::Command::run(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf08e24)
      [MongoDFixture:job10]     #6 0xf0644f in mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xf0644f)
      [MongoDFixture:job10]     #7 0x15c3bd8 in mongo::runCommands(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x15c3bd8)
      [MongoDFixture:job10]     #8 0x10acb5f in mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x10acb5f)
      [MongoDFixture:job10]     #9 0xc2f0de in mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0xc2f0de)
      [MongoDFixture:job10]     #10 0x19b9c4b in mongo::PortMessageServer::handleIncomingMsg(void*) (/home/andrew/Documents/10gen/dev/src/mongodb/mongod+0x19b9c4b)
      [MongoDFixture:job10]     #11 0x7fe08c68c6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
      [MongoDFixture:job10]     #12 0x7fe08c1acb5c in clone /build/glibc-GKVZIf/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
      [MongoDFixture:job10]
      

      To reproduce these issues, build the server with the undefined behavior sanitizer (--sanitize=undefined) after commenting out the addition of -fno-sanitize=nonnull-attribute in the top-level MongoDB SConstruct file, and then run the "core" JS test suite with resmoke.
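A minimal illustration of the class of bug reported above, added here and not taken from WiredTiger or the MongoDB server: a hypothetical buffer helper (`struct buf`, `buf_reserve`, `buf_set_unguarded` and `buf_set` are invented names) that hands its still-NULL storage pointer to `memmove`, next to the form that skips the call. It assumes the null pointer arrives together with a zero-length copy, which the report does not state.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; names are illustrative, not WiredTiger's. */
struct buf {
    void  *mem;   /* backing allocation, NULL until the first non-empty set */
    size_t cap;   /* bytes allocated */
    size_t size;  /* bytes in use */
};

/* Grow the allocation only when more bytes are needed. */
static int buf_reserve(struct buf *b, size_t need)
{
    void *p;
    if (need <= b->cap)
        return 0;
    if ((p = realloc(b->mem, need)) == NULL)
        return -1;
    b->mem = p;
    b->cap = need;
    return 0;
}

/* Flagged pattern: with a fresh buffer and size == 0, mem is still NULL and
 * memmove gets a null argument 1 even though no bytes are copied. */
int buf_set_unguarded(struct buf *b, const void *data, size_t size)
{
    if (buf_reserve(b, size) != 0)
        return -1;
    memmove(b->mem, data, size);
    b->size = size;
    return 0;
}

/* Guarded: skip the call when size is 0, so NULL never reaches memmove. */
int buf_set(struct buf *b, const void *data, size_t size)
{
    if (buf_reserve(b, size) != 0)
        return -1;
    if (size != 0)
        memmove(b->mem, data, size);
    b->size = size;
    return 0;
}

int main(void)
{
    struct buf b = {NULL, 0, 0};
    return buf_set(&b, NULL, 0); /* empty value, fresh buffer: memmove skipped */
}
```

Built with `-fsanitize=undefined`, the guarded form produces no nonnull-attribute report for an empty value on a fresh buffer, so the `-fno-sanitize=nonnull-attribute` workaround is not needed for this pattern.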

            Assignee: keith.bostic@mongodb.com Keith Bostic (Inactive)
            Reporter: andrew.morrow@mongodb.com Andrew Morrow (Inactive)