Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-965

overwriting/leaking the application's WT_ITEM value

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: WT2.2
    • Component/s: None
    • Labels:

      Description

      @michaelcahill, @agorrod: I'm concerned about this code in LSM cursor:

      static int
      __clsm_update(WT_CURSOR *cursor)
      {
              WT_ITEM value;
              ....
              /* Take a copy of the value: __clsm_lookup overwrites it. */
              value = cursor->value;
       
              if (F_ISSET(cursor, WT_CURSTD_OVERWRITE) ||
                  (ret = __clsm_lookup(clsm)) == 0)
                      ret = __clsm_put(session, clsm, &cursor->key, &value, 1);
      

      Doesn't this imply we've swapped out an application's value for something else, and a subsequent cursor->get_value will return the wrong thing?

      There's also the potential for a path where we might have allocated memory in the original WT_ITEM, and this would leak it because we'd overwrite it and not check it again? (I have no idea if that's possible or not, but it seems like a reasonable possibility to me.)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              michael.cahill Michael Cahill
              Reporter:
              keith.bostic Keith Bostic
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: