[CDRIVER-755] Leaks in _mongoc_cluster_ismaster Created: 20/Jul/15  Updated: 05/Aug/15  Resolved: 22/Jul/15

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.1.9
Fix Version/s: 1.1.10

Type: Bug
Priority: Major - P3
Reporter: A. Jesse Jiryu Davis
Assignee: A. Jesse Jiryu Davis
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-745 Crash in bson_destroy, called from _m... Closed

 Description   

As originally reported, a memory leak in this call stack:

                 libbson-1.0.so.0.0.0`bson_malloc+0xa
                 libbson-1.0.so.0.0.0`bson_copy_to+0xaf
                 libmongoc-1.0.so.0.0.0`_mongoc_cluster_ismaster+0x4cf
                 libmongoc-1.0.so.0.0.0`_mongoc_cluster_reconnect_replica_set+0x496
                 libmongoc-1.0.so.0.0.0`_mongoc_cluster_reconnect+0x2d3
                 libmongoc-1.0.so.0.0.0`_mongoc_cluster_sendv+0xe6
                 libmongoc-1.0.so.0.0.0`_mongoc_cursor_next+0x29c
                 libmongoc-1.0.so.0.0.0`mongoc_cursor_next+0x65
                 libmongoc-1.0.so.0.0.0`mongoc_client_command_simple+0x51

Looking at the code https://github.com/mongodb/mongo-c-driver/blob/a0997439c86276f0dcdb49550636b11f3e407384/src/mongoc/mongoc-cluster.c#L1167
it seems that before copying bson to tags, you need to free it first.



 Comments   
Comment by Githook User [ 05/Aug/15 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: Merge branch 'master' into 1.2.0-dev

  • master: (38 commits)
    various fixups for memory leaks and races in tests
    Fix memory leak in mongoc_uri_parse_option
    post-release bump
    1.1.10 Release
    CDRIVER-755 leaks in _mongoc_cluster_ismaster
    CDRIVER-745 test cluster node destroy, then disconnect
    CDRIVER-750 don't query recovering RS members
    spell "cyrus" correctly in install guide
    CDRIVER-745 crash in _mongoc_cluster_disconnect_node
    post-release bump
    CDRIVER-731: Do not trace SASL mutex callbacks
    debian changelog fixes for deb pkg
    1.1.9 Release
    redundant include
    CDRIVER-721 test reconnection
    CDRIVER-727 actually enable coverage in libmongoc
    update libbson to 1.1.9-dev
    CDRIVER-721 test rs and mongos, connected and not
    CDRIVER-721 additional tests
    CDRIVER-721 mongoc_client_destroy crash after connection fails
    ...

Conflicts:
CMakeLists.txt
NEWS
README.rst
build/autotools/Versions.m4
build/rpm/mongo-c-driver.spec
debian/changelog
doc/installing.page
doc/mongoc_version.page
src/libbson
src/mongoc/mongoc-cluster-private.h
src/mongoc/mongoc-cluster.c
src/mongoc/mongoc-read-prefs.c
src/mongoc/mongoc-uri.c
src/mongoc/mongoc-write-command.c
tests/mock-server.c
tests/mock-server.h
tests/test-libmongoc.c
tests/test-mongoc-client.c
tests/test-mongoc-cluster.c
tests/test-mongoc-database.c
tests/test-mongoc-read-prefs.c
tests/test-mongoc-uri.c
tests/test-sasl.c
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/e62117d12a600f6cf61eb409933af6f92a3d7c22

Comment by Githook User [ 05/Aug/15 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-755 leaks in _mongoc_cluster_ismaster

mongoc_cluster_node_t.tags and replSet are overwritten with the new
ismaster response, without being destroyed first. If the node represents
a replica set member then its replica set name will be leaked. Same for
"tags" if the tags document is large enough to spill to heap.
Branch: 1.2.0-dev
https://github.com/mongodb/mongo-c-driver/commit/9bcabe263587e9ef2e76eaddd3b40e48c439a274

Comment by Githook User [ 22/Jul/15 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: CDRIVER-755 leaks in _mongoc_cluster_ismaster

mongoc_cluster_node_t.tags and replSet are overwritten with the new
ismaster response, without being destroyed first. If the node represents
a replica set member then its replica set name will be leaked. Same for
"tags" if the tags document is large enough to spill to heap.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/9bcabe263587e9ef2e76eaddd3b40e48c439a274

Comment by A. Jesse Jiryu Davis [ 20/Jul/15 ]

Failing to destroy the "tags" bson only causes a leak if there are enough tags to cause the bson_t to spill its storage to heap. The replica set name is also overwritten without being freed, which is a leak under all circumstances.

Comment by A. Jesse Jiryu Davis [ 20/Jul/15 ]

Related to CDRIVER-745: both bugs are mismanagement of the "tags" document on the mongoc_cluster_node_t.
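The leak pattern described in the comments above, as an added example that is not part of the original ticket or the driver's code: a node's cached "tags" document and replica set name are refreshed repeatedly, once without and once with releasing the old values first. `doc_t`, `node_t`, `INLINE_CAP` and the tracking allocator are hypothetical stand-ins for `bson_t` and `mongoc_cluster_node_t`, assuming only the inline-then-heap storage behaviour the comments describe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define INLINE_CAP 16              /* constructed threshold, not libbson's */
#define MAX_BLOCKS 32
static void *blocks[MAX_BLOCKS];   /* live heap blocks, tracked for the demo */
typedef struct { char *heap; char inl[INLINE_CAP]; } doc_t;   /* bson_t stand-in */
typedef struct { doc_t tags; char *replset; } node_t;         /* cluster node stand-in */
static void *xalloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_BLOCKS; i++)
        if (!blocks[i]) return blocks[i] = p;
    abort();                       /* out of memory or tracking table full */
}
static void xfree(void *p) {
    for (int i = 0; p && i < MAX_BLOCKS; i++)
        if (blocks[i] == p) { blocks[i] = NULL; free(p); return; }
}
static void doc_destroy(doc_t *d) { xfree(d->heap); d->heap = NULL; }
/* Copies into dst as if it were uninitialized: whatever dst held is forgotten. */
static void doc_copy_to(const char *src, size_t len, doc_t *dst) {
    dst->heap = len > INLINE_CAP ? xalloc(len) : NULL;   /* spill only when large */
    memcpy(dst->heap ? dst->heap : dst->inl, src, len);
}
static char *xstrdup(const char *s) {
    size_t n = strlen(s) + 1;
    return memcpy(xalloc(n), s, n);
}
/* One ismaster-style refresh; fixed != 0 releases the previous values first. */
static void node_update(node_t *n, int fixed, const char *tags, size_t len) {
    if (fixed) { doc_destroy(&n->tags); xfree(n->replset); }
    doc_copy_to(tags, len, &n->tags);
    n->replset = xstrdup("rs0");   /* constructed replica set name */
}
/* Refresh `rounds` times, tear the node down, return blocks still live. */
static int leaked_after(int fixed, size_t tags_len, int rounds) {
    char tags[64] = {0};           /* constructed tag payload */
    node_t n = { { NULL, {0} }, NULL };
    int live = 0;
    if (tags_len > sizeof tags) tags_len = sizeof tags;
    for (int i = 0; i < rounds; i++) node_update(&n, fixed, tags, tags_len);
    doc_destroy(&n.tags); xfree(n.replset);
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i]) { live++; free(blocks[i]); blocks[i] = NULL; }
    return live;
}
int main(void) {
    printf("%d %d %d\n", leaked_after(0, 8, 3), leaked_after(0, 40, 3), leaked_after(1, 40, 3));
    return 0;
}
```

With small tags only the replica set name leaks on each refresh; once the tags exceed the inline buffer, both fields leak, which is why the tags leak shows up only for large tag documents.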
