[CDRIVER-1163] Segmentation fault when mongoc_read_concern_destroy()
Created: 18/Mar/16  Updated: 03/May/17  Resolved: 20/Mar/16

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.3.3, 1.3.4
Fix Version/s: None

Type: Bug
Priority: Critical - P2
Reporter: Peng Xie
Assignee: A. Jesse Jiryu Davis
Resolution: Done
Votes: 0
Labels: Bug, crash, driver
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Gentoo Linux X86_64
gcc-4.9.3
jemalloc-3.6.0
mongo-c-driver-1.3.4
libbson-1.3.4



 Description   

Sometimes mongoc_read_concern_destroy() triggers a segmentation fault:

mongoc_cursor_t *cursor = mongoc_collection_find(...);
// then call mongoc_cursor_more() and mongoc_cursor_next()
mongoc_cursor_destroy(cursor);

mongoc_cursor_destroy() calls mongoc_read_concern_destroy(), and the latter crashes at bson_free (read_concern->level).



 Comments   
Comment by A. Jesse Jiryu Davis [ 20/Mar/16 ]

Thanks for letting us know!

Comment by Peng Xie [ 19/Mar/16 ]

It must be my fault.

I found a bson_t object reused after bson_destroy(), and another one that was never destroyed in my code. These misbehaviors hurt the memory allocator.

After correction, no more segmentation fault is perceptible.

Sorry to bother you.
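
The two lifetime mistakes named in the comment above (a handle reused after destroy, and one never destroyed), as an added example that is not code from this ticket or from libbson. `doc_t` and its functions are hypothetical stand-ins for a caller-owned handle such as bson_t; the state tag turns both mistakes into checkable errors at the point of misuse instead of heap corruption that surfaces later in an unrelated free.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DOC_LIVE 0x600DD0C5u
#define DOC_DEAD 0xDEADD0C5u

/* Hypothetical stand-in for a caller-owned document handle such as bson_t. */
typedef struct { unsigned magic; char *buf; size_t len; } doc_t;
static int live_docs; /* handles initialised but not yet destroyed */

void doc_init(doc_t *d) { d->magic = DOC_LIVE; d->buf = NULL; d->len = 0; live_docs++; }
int doc_leaks(void) { return live_docs; }

/* Append a string; refuses to touch a handle that is not live. */
bool doc_append(doc_t *d, const char *s) {
    if (d->magic != DOC_LIVE) return false; /* reuse after destroy is caught here */
    size_t n = strlen(s);
    char *p = realloc(d->buf, d->len + n + 1);
    if (!p) return false;
    memcpy(p + d->len, s, n + 1);
    d->buf = p; d->len += n;
    return true;
}

/* Free the buffer exactly once; destroying a dead handle is reported, not repeated. */
bool doc_destroy(doc_t *d) {
    if (d->magic != DOC_LIVE) return false;
    free(d->buf);
    d->buf = NULL; d->magic = DOC_DEAD;
    live_docs--;
    return true;
}

/* Constructed call sequence containing both mistakes; returns how many were caught. */
int demo(void) {
    doc_t query, fields;
    int errors = 0;
    doc_init(&query); doc_init(&fields);
    doc_append(&query, "{\"_id\": 1}");
    doc_destroy(&query);
    if (!doc_append(&query, "{\"_id\": 2}")) errors++; /* reused after destroy */
    errors += doc_leaks(); /* fields was never destroyed: 1 handle still live */
    doc_destroy(&fields);  /* the fix: every init is paired with a destroy */
    return errors;
}

int main(void) { printf("lifetime errors caught: %d\n", demo()); return 0; }
```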

Comment by Peng Xie [ 18/Mar/16 ]

mongoc_cursor_t *cursor = mongoc_collection_find(
    collection,
    MONGOC_QUERY_NONE,
    0, /* so skip */
    1, /* limit */
    0, /* batch_size */
    &query,
    &fields,
    NULL
);
