[SERVER-10795] Interrupting Javascript during V8Scope initialization causes resource leak Created: 17/Sep/13  Updated: 11/Jul/16  Resolved: 07/Oct/13

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 2.4.6, 2.5.2
Fix Version/s: 2.5.3

Type: Bug Priority: Major - P3
Reporter: J Rassi Assignee: Mathias Stearn
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

Description

The V8Scope constructor is not exception-safe, and will leak V8 isolates if an exception is thrown. Thus, if a user executes a Javascript operation that acquires a new scope, and then interrupts that operation while its initialization files are being executed (assert.js, types.js), the half-constructed V8Scope object will be leaked. The initialization files can take on the order of ~100 milliseconds to run.

Reproduce in master with:

for (;;) { db.runCommand({eval: function(){}, maxTimeMS: 1}); }

On my local machine, the above leaks 2GB in ~30 seconds. The same occurs in 2.4.6 using killOp instead of maxTimeMS. No V8Scope is ever successfully constructed, and the scope pool remains empty.
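The leak described above comes from ordering alone: a constructor that acquires a raw resource and then runs code that can throw never reaches its destructor. The following stand-in, added here and not MongoDB's own code, models that with a constructed FakeIsolate counter (an assumption) and contrasts the leaky layout with one where the resource is owned by a fully constructed member, so stack unwinding releases it even when the constructor body is interrupted.

```cpp
// Added illustration (not MongoDB's V8Scope): constructor exception safety.
#include <functional>
#include <memory>
#include <stdexcept>

// Constructed stand-in for a V8 isolate; tracks live instances so a leak is visible.
struct FakeIsolate {
    static int live;
    FakeIsolate() { ++live; }
    ~FakeIsolate() { --live; }
};
int FakeIsolate::live = 0;

using InitScript = std::function<void()>;

// "Before": raw pointer freed in the destructor. If init() throws, the object was
// never fully constructed, ~LeakyScope never runs, and the isolate leaks.
class LeakyScope {
public:
    explicit LeakyScope(const InitScript& init) : isolate_(new FakeIsolate) {
        init();  // stands in for running assert.js / types.js; an interrupt throws here
    }
    ~LeakyScope() { delete isolate_; }
private:
    FakeIsolate* isolate_;
};

// "After": ownership lives in a unique_ptr member. Members that finished
// constructing are destroyed during unwinding even when the ctor body throws.
class SafeScope {
public:
    explicit SafeScope(const InitScript& init) : isolate_(std::make_unique<FakeIsolate>()) {
        init();
    }
private:
    std::unique_ptr<FakeIsolate> isolate_;
};

// Attempt to build `attempts` scopes whose initialization is interrupted
// (like maxTimeMS/killOp firing mid-init) and report how many isolates remain.
template <typename Scope>
int leakedAfterInterrupts(int attempts) {
    FakeIsolate::live = 0;
    for (int i = 0; i < attempts; ++i) {
        try {
            Scope s([] { throw std::runtime_error("operation interrupted"); });
        } catch (const std::runtime_error&) {
            // caller abandons the operation, exactly as the shell loop above does
        }
    }
    return FakeIsolate::live;
}
```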


Comments
Comment by auto [ 07/Oct/13 ]

Author: Mathias Stearn (RedBeard0531, mathias@10gen.com)

Message: SERVER-10795 clean up V8Scope if exception thrown in constructor
Branch: master
https://github.com/mongodb/mongo/commit/af5bab59517363df5c9bfe307525676073677756
