[SERVER-17226] 'top' command with 64MB result document can terminate server
Created: 09/Feb/15  Updated: 18/Sep/15  Resolved: 13/Mar/15

Status: Closed
Project: Core Server
Component/s: Diagnostics
Affects Version/s: 3.0.0-rc8
Fix Version/s: 2.6.9, 3.0.1, 3.1.0

Type: Bug
Priority: Major - P3
Reporter: Kamran K.
Assignee: Mathias Stearn
Resolution: Done
Votes: 0
Labels: 28qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-7459 BSONObjBuilder and BSONArrayBuilder m... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL

 Description   

A top command that produces a document that is ~64MB can terminate the server. See top.cpp below (and SERVER-7459 and SERVER-17224).

db/stats/top.cpp

virtual bool run(OperationContext* txn, const string&, BSONObj& cmdObj, int, string& errmsg, BSONObjBuilder& result, bool fromRepl) {
    {
        BSONObjBuilder b( result.subobjStart( "totals" ) );
        b.append( "note", "all times in microseconds" );

If b.append throws, the destructor for b will call BSONObjBuilder::_done. _done will throw an exception if result is 64MB because it will attempt to grow to accommodate EOO, which pushes it past the internal 64MB limit.



 Comments   
Comment by Githook User [ 06/Mar/15 ]

Author: Mathias Stearn (RedBeard0531) <mathias@10gen.com>

Message: SERVER-17224 Reserve room for EOO byte when starting BSONObj building

Since _done() is called from ~BSONObjBuilder we need to ensure that it cannot
fail. This prevents a double exception leading to a std::terminate call.

This also resolves SERVER-17226.

(cherry picked from commit a0db9321139e8da657638ddbe7e86d8bac9ea3cc)
Branch: v2.6
https://github.com/mongodb/mongo/commit/b6a66a0c3494687c8b059d5f39de072a22e650a4

Comment by Githook User [ 05/Mar/15 ]

Author: Mathias Stearn (RedBeard0531) <mathias@10gen.com>

Message: SERVER-17224 Reserve room for EOO byte when starting BSONObj building

Since _done() is called from ~BSONObjBuilder we need to ensure that it cannot
fail. This prevents a double exception leading to a std::terminate call.

This also resolves SERVER-17226.

(cherry picked from commit a0db9321139e8da657638ddbe7e86d8bac9ea3cc)
Branch: v3.0
https://github.com/mongodb/mongo/commit/0cbcdfd5b4cd4961b448f1a35fd0d4ea19629b93

Comment by Githook User [ 05/Mar/15 ]

Author: Mathias Stearn (RedBeard0531) <mathias@10gen.com>

Message: SERVER-17224 Reserve room for EOO byte when starting BSONObj building

Since _done() is called from ~BSONObjBuilder we need to ensure that it cannot
fail. This prevents a double exception leading to a std::terminate call.

This also resolves SERVER-17226.
Branch: master
https://github.com/mongodb/mongo/commit/a0db9321139e8da657638ddbe7e86d8bac9ea3cc
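
The failure in the description and the reservation fix named in the commit messages, as an added example that is not MongoDB code and not part of the original issue. `CappedBuilder`, `kMaxSize` (64 bytes standing in for the 64MB limit), `Outcome` and `buildAndFinalize` are hypothetical names, and the destructor's `done()` call is made from a catch block so the second exception can be observed instead of reaching std::terminate.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Simplified model of a size-capped document builder (not MongoDB code).
// kMaxSize stands in for the 64MB limit; '\0' stands in for the EOO byte.
class CappedBuilder {
public:
    static constexpr std::size_t kMaxSize = 64;
    explicit CappedBuilder(bool reserveEoo) : reserved_(reserveEoo ? 1 : 0) {}
    // Throws when payload plus any reserved terminator byte would pass the cap.
    void append(const std::string& bytes) {
        if (buf_.size() + bytes.size() + reserved_ > kMaxSize)
            throw std::length_error("builder grew past limit");
        buf_ += bytes;
    }
    // Writes the terminator; without a reservation this growth can throw.
    void done() {
        if (buf_.size() + 1 > kMaxSize)
            throw std::length_error("no room for EOO");
        buf_.push_back('\0');
        reserved_ = 0;
    }

private:
    std::string buf_;
    std::size_t reserved_;
};

enum class Outcome { Finished, FinishedAfterFailedAppend, DoubleFault };
// Appends `payload` bytes plus one more, then finalizes as a destructor would.
// done() runs in the catch block, not a real destructor, so the second
// exception is observable; thrown from a destructor it ends in std::terminate.
Outcome buildAndFinalize(bool reserveEoo, std::size_t payload) {
    CappedBuilder b(reserveEoo);
    try {
        b.append(std::string(payload, 'x'));
        b.append("y");
        b.done();
        return Outcome::Finished;
    } catch (const std::length_error&) {
        try { b.done(); } catch (const std::length_error&) { return Outcome::DoubleFault; }
        return Outcome::FinishedAfterFailedAppend;
    }
}

int main() {
    std::printf("%d %d\n", (int)buildAndFinalize(false, 64), (int)buildAndFinalize(true, 64));
}
```

With the reservation, the invariant `size + reserved <= kMaxSize` holds after every append, so finalization never needs to grow the buffer and cannot throw.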
