[CDRIVER-2576] segmentation fault occurred at _mongoc_cluster_run_ismaster() Created: 29/Mar/18  Updated: 28/Oct/23  Resolved: 30/Mar/18

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.9.0
Fix Version/s: 1.9.4

Type: Bug Priority: Critical - P2
Reporter: Yuichi Ogino Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: Bug
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OS : Red Hat Enterprise Linux Server release 7.1 (Maipo)


Issue Links:
Problem/Incident
causes CDRIVER-2609 Empty error after server removed from... Closed
is caused by CDRIVER-2192 Implement Driver Sessions API Closed

Description

file "mongoc-cluster.c"
function "_mongoc_cluster_run_ismaster"

721 sd = _mongoc_stream_run_ismaster (
722 cluster, node->stream, node->connection_address, server_id);
723
724 if (sd->type == MONGOC_SERVER_UNKNOWN) {

This code stores a value in the variable "sd" and uses "sd->type" in the if statement.
But when "sd" is NULL, a segmentation fault occurs at the if statement.

In v1.9.3, some checks were added to the function "_mongoc_stream_run_ismaster",
and the function returns NULL when the condition is violated.
These checks are not implemented in v1.8.2, so this problem did not happen in v1.8.2.

back trace log:

#0  0x00007f145c7a7e22 in _mongoc_cluster_run_ismaster (cluster=0x238b318,
    node=0x23ab1c0, server_id=1, error=0x7ffffc692480)
    at src/mongoc/mongoc-cluster.c:724
#1  0x00007f145c7a9923 in _mongoc_cluster_add_node (cluster=0x238b318,
    server_id=1, error=0x7ffffc692480) at src/mongoc/mongoc-cluster.c:1489
#2  0x00007f145c7aa2c5 in mongoc_cluster_fetch_stream_pooled (
    cluster=0x238b318, server_id=1, reconnect_ok=true, error=0x7ffffc692480)
    at src/mongoc/mongoc-cluster.c:1834
#3  0x00007f145c7a9c0d in _mongoc_cluster_stream_for_server (
    cluster=0x238b318, server_id=1, reconnect_ok=true, error=0x7ffffc692480)
    at src/mongoc/mongoc-cluster.c:1601
#4  0x00007f145c7aa627 in _mongoc_cluster_stream_for_optype (
    cluster=0x238b318, optype=MONGOC_SS_READ, read_prefs=0x0,
    error=0x7ffffc692480) at src/mongoc/mongoc-cluster.c:1981
#5  0x00007f145c7aa65e in mongoc_cluster_stream_for_reads (cluster=0x238b318,
    read_prefs=0x0, error=0x7ffffc692480) at src/mongoc/mongoc-cluster.c:2011
#6  0x00007f145c7a3771 in _mongoc_client_command_with_opts (client=0x238b310,
    db_name=0x23aaa88 "my_db", command=0x7ffffc692300,
    mode=MONGOC_CMD_READ, opts=0x0, flags=MONGOC_QUERY_NONE,
    default_prefs=0x0, default_rc=0x0, default_wc=0x0, reply=0x7ffffc692280,
    error=0x7ffffc692480) at src/mongoc/mongoc-client.c:1778
#7  0x00007f145c7baa24 in mongoc_database_command_simple (database=0x23aaa80,
    command=0x7ffffc692300, read_prefs=0x0, reply=0x7ffffc692280,
    error=0x7ffffc692480) at src/mongoc/mongoc-database.c:214



Comments
Comment by Yuichi Ogino [ 12/Apr/18 ]

Thank you for fixing the problem.
I tried v1.9.4 of mongo-c-driver and confirmed that the segmentation fault didn't occur.
But there was no error message although an error occurred.
After back-trace-log #0, the value of the variable "error" at back-trace-log #7 is the following.

(gdb) print *error
$5 = {domain = 0, code = 0, message = '\000' <repeats 503 times>}

Comment by Githook User [ 10/Apr/18 ]

Author:

{'name': 'Kevin Albertson', 'username': 'kevinAlbs', 'email': 'kevin.albertson@10gen.com'}

Message: CDRIVER-2576 check stream_run_ismaster return
Branch: r1.9-dfsg
https://github.com/mongodb/mongo-c-driver/commit/4df2aa565446b153299552b10c1a611d1e346eb9

Comment by Githook User [ 10/Apr/18 ]

Author:

{'email': 'kevin.albertson@10gen.com', 'name': 'Kevin Albertson', 'username': 'kevinAlbs'}

Message: CDRIVER-2576 check stream_run_ismaster return
Branch: debian
https://github.com/mongodb/mongo-c-driver/commit/4df2aa565446b153299552b10c1a611d1e346eb9

Comment by Kevin Albertson [ 30/Mar/18 ]

Hi Yuichi, this has been fixed on master and will be released as part of 1.9.4 sometime next week.

Comment by Githook User [ 30/Mar/18 ]

Author:

{'email': 'kevin.albertson@10gen.com', 'name': 'Kevin Albertson', 'username': 'kevinAlbs'}

Message: CDRIVER-2576 check stream_run_ismaster return
Branch: r1.9
https://github.com/mongodb/mongo-c-driver/commit/4df2aa565446b153299552b10c1a611d1e346eb9

Comment by Yuichi Ogino [ 30/Mar/18 ]

Thank you for the reply.

You're using a mongoc_client_pool_t, is that correct?

Yes, I'm using it.

Comment by Githook User [ 29/Mar/18 ]

Author:

{'email': 'kevin.albertson@10gen.com', 'name': 'Kevin Albertson', 'username': 'kevinAlbs'}

Message: CDRIVER-2576 check stream_run_ismaster return
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/3b9c2b349988b362c00314007434a81543613c23

Comment by A. Jesse Jiryu Davis [ 29/Mar/18 ]

Thanks for the superb bug report and stack trace.

You're using a mongoc_client_pool_t, is that correct? I think the bug only happens in mongoc_cluster_fetch_stream_pooled.

The bug was introduced in version 1.9.0 while implementing mongoc_client_session_t in CDRIVER-2192:

https://github.com/mongodb/mongo-c-driver/commit/e1c3b072b984ac6c9934d57e45edbe52a137bace#diff-f2707266016fd5d134ea334ccdd752e9R611

Before this commit, if the server description had been removed from the topology description, then the next time the client opened a new connection to the server it didn't care that the server wasn't in the topology description. After this commit, if the server description had been removed, then the client short-circuited from _mongoc_stream_run_ismaster, and returned NULL. I should have updated that function's caller, _mongoc_cluster_run_ismaster, to expect the NULL return but I didn't.
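The two caller shapes described in this comment, and the empty-error follow-up in the 12/Apr/18 comment, as an added example that is not part of this ticket or of libmongoc's own code. All types and names here (server_description_t, topology_t, error_t, stream_run_ismaster, cluster_run_ismaster_checked and so on) are constructed stand-ins for the driver's structures, and the topology table is a constructed sample: server 1 is known, server 2 is known but of unknown type, any other id has been removed. The "before" function dereferences the callee's return unconditionally, as the v1.9.0 caller did; the "after" function checks for NULL and also fills in the error struct, which is the part the bare NULL check in 1.9.4 left out according to the reporter's gdb output.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the libmongoc types involved (constructed for
 * this example, not the driver's definitions). */
typedef enum { SERVER_UNKNOWN = 0, SERVER_STANDALONE = 1 } server_type_t;

typedef struct { int id; server_type_t type; } server_description_t;

typedef struct {
   int domain;
   int code;
   char message[504]; /* 503 characters + NUL, matching the gdb output above */
} error_t;

/* Constructed topology table: a server is "known" only while its id is here. */
typedef struct { server_description_t servers[4]; int n; } topology_t;

enum { ERROR_DOMAIN_STREAM = 1 };
enum { ERROR_STREAM_NOT_ESTABLISHED = 1, ERROR_SERVER_UNKNOWN = 2 };

static void
set_error (error_t *error, int domain, int code, const char *fmt, int arg)
{
   if (!error) return;
   error->domain = domain;
   error->code = code;
   snprintf (error->message, sizeof error->message, fmt, arg);
}

/* True when the error looks like the one reported after 1.9.4:
 * domain 0, code 0, empty message. */
static bool
error_is_empty (const error_t *error)
{
   return error->domain == 0 && error->code == 0 && error->message[0] == '\0';
}

/* Stand-in for _mongoc_stream_run_ismaster: returns NULL when the server
 * has been removed from the topology (the v1.9.x short-circuit). */
static server_description_t *
stream_run_ismaster (topology_t *topo, int server_id)
{
   for (int i = 0; i < topo->n; i++) {
      if (topo->servers[i].id == server_id) return &topo->servers[i];
   }
   return NULL;
}

/* BEFORE: the v1.9.0-1.9.3 shape. A removed server makes sd NULL and the
 * comparison below is the crash at mongoc-cluster.c:724. */
static bool
cluster_run_ismaster_unchecked (topology_t *topo, int server_id, error_t *error)
{
   server_description_t *sd = stream_run_ismaster (topo, server_id);
   if (sd->type == SERVER_UNKNOWN) {
      set_error (error, ERROR_DOMAIN_STREAM, ERROR_SERVER_UNKNOWN,
                 "server %d has unknown type", server_id);
      return false;
   }
   return true;
}

/* AFTER: check the return, and populate the error so the caller never sees
 * {domain = 0, code = 0, message = ""} for a failed connection. */
static bool
cluster_run_ismaster_checked (topology_t *topo, int server_id, error_t *error)
{
   server_description_t *sd = stream_run_ismaster (topo, server_id);
   if (!sd) {
      set_error (error, ERROR_DOMAIN_STREAM, ERROR_STREAM_NOT_ESTABLISHED,
                 "server %d is no longer in the topology description", server_id);
      return false;
   }
   if (sd->type == SERVER_UNKNOWN) {
      set_error (error, ERROR_DOMAIN_STREAM, ERROR_SERVER_UNKNOWN,
                 "server %d has unknown type", server_id);
      return false;
   }
   return true;
}

static topology_t
sample_topology (void)
{
   topology_t topo = {{{1, SERVER_STANDALONE}, {2, SERVER_UNKNOWN}}, 2};
   return topo;
}

/* Runs the hardened caller against the sample topology; error is zeroed first
 * so the test can tell "error was set" from "error was left untouched". */
static bool
probe_server (int server_id, error_t *error)
{
   topology_t topo = sample_topology ();
   memset (error, 0, sizeof *error);
   return cluster_run_ismaster_checked (&topo, server_id, error);
}

int
main (void)
{
   error_t error;
   topology_t topo = sample_topology ();
   /* The unchecked caller is only safe while the server is still known. */
   printf ("unchecked, server 1: %s\n",
           cluster_run_ismaster_unchecked (&topo, 1, &error) ? "ok" : "failed");
   for (int id = 1; id <= 3; id++) {
      bool ok = probe_server (id, &error);
      printf ("checked, server %d: %s\n", id, ok ? "ok" : error.message);
   }
   return 0;
}
```

Running it shows the checked caller failing for server 3 with a populated message instead of crashing, and failing for server 2 with a distinct code; the unchecked caller is only ever invoked for a server that is still in the table.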

Generated at Wed Feb 07 21:15:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.