Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-965

overwriting/leaking the application's WT_ITEM value

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Done
    • WT2.2
    • Affects Version/s: None
    • Component/s: None

      @michaelcahill, @agorrod: I'm concerned about this code in LSM cursor:

      static int
__clsm_update(WT_CURSOR *cursor)
{
        WT_ITEM value;
        ....
        /* Take a copy of the value: __clsm_lookup overwrites it. */
        value = cursor->value;

        if (F_ISSET(cursor, WT_CURSTD_OVERWRITE) ||
            (ret = __clsm_lookup(clsm)) == 0)
                ret = __clsm_put(session, clsm, &cursor->key, &value, 1);

      Doesn't this imply we've swapped out an application's value for something else, and a subsequent cursor->get_value will return the wrong thing?

      There's also the potential for a path where we might have allocated memory in the original WT_ITEM, and this would leak it because we'd overwrite it and not check it again? (I have no idea if that's possible or not, but it seems like a reasonable possibility to me.)

            Assignee:
            michael.cahill@mongodb.com Michael Cahill (Inactive)
            Reporter:
            keith.bostic@mongodb.com Keith Bostic (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: