[SERVER-19276] NULL pointer crash in Chunk::_getExtremeKey Created: 02/Jul/15  Updated: 25/Jan/17  Resolved: 16/Jul/15

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: 3.1.5
Fix Version/s: 3.1.6

Type: Bug Priority: Major - P3
Reporter: Kamran K. Assignee: Randolph Tan
Resolution: Done Votes: 0
Labels: 32qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Sharding 7 08/10/15
Participants:

 Description   

Chunk::_getExtremeKey has this code:

    if (doSplitAtLower) {
        // Splitting close to the lower bound means that the split point will be the
        // upper bound. Chunk range upper bounds are exclusive so skip a document to
        // make the lower half of the split end up with a single document.
        unique_ptr<DBClientCursor> cursor = conn->query(_manager->getns(),
                                                        q,
                                                        1, /* nToReturn */
                                                        1 /* nToSkip */);
 
        if (cursor->more()) {
            end = cursor->next().getOwned();
        }

cursor can be NULL when conn->query fails to initialize a client cursor due to an unreachable node (in this case, the node has been killed).


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f79405f6700 (LWP 16290)]
0x00000000011d5f31 in mongo::Chunk::_getExtremeKey (this=0x7f79180048b0, doSplitAtLower=true) at src/mongo/s/chunk.cpp:252
252	        if (cursor->more()) {
 
(gdb) p cursor.get()
$2 = (mongo::DBClientCursor *) 0x0
 
(gdb) bt
#0  0x00000000011d5f31 in mongo::Chunk::_getExtremeKey (this=0x7f79180048b0, doSplitAtLower=true) at src/mongo/s/chunk.cpp:252
#1  0x00000000011d7182 in mongo::Chunk::split (this=0x7f79180048b0, mode=mongo::Chunk::autoSplitInternal, resultingSplits=0x7f791f6fbda0, res=0x7f791f6fbdc0) at src/mongo/s/chunk.cpp:386
#2  0x00000000011d8f3d in mongo::Chunk::splitIfShould (this=0x7f79180048b0, dataWritten=35) at src/mongo/s/chunk.cpp:553
#3  0x000000000121213d in mongo::(anonymous namespace)::splitIfNeeded (nss=..., stats=...) at src/mongo/s/cluster_write.cpp:147
#4  0x0000000001213073 in mongo::ClusterWriter::write (this=0x7f791f6fc3b0, origRequest=..., response=0x7f791f6fc410) at src/mongo/s/cluster_write.cpp:263
#5  0x0000000001245a1a in mongo::(anonymous namespace)::ClusterWriteCmd::run (this=0x1adbd40 <mongo::(anonymous namespace)::clusterInsertCmd>, txn=0x7f78f8006130, dbname=..., cmdObj=..., options=0, 
    errmsg=..., result=...) at src/mongo/s/commands/cluster_write_cmd.cpp:150
#6  0x000000000126c99e in mongo::Command::execCommandClientBasic (txn=0x7f78f8006130, c=0x1adbd40 <mongo::(anonymous namespace)::clusterInsertCmd>, client=..., queryOptions=0, 
    ns=0x7f78f8000e64 "test.$cmd", cmdObj=..., result=...) at src/mongo/s/s_only.cpp:123
#7  0x000000000126ce3a in mongo::Command::runAgainstRegistered (ns=0x7f78f8000e64 "test.$cmd", jsobj=..., anObjBuilder=..., queryOptions=0) at src/mongo/s/s_only.cpp:164
#8  0x0000000001275c42 in mongo::Strategy::clientCommandOp (r=...) at src/mongo/s/strategy.cpp:309
#9  0x000000000126ba3f in mongo::Request::process (this=0x7f791f6fcb90, attempt=0) at src/mongo/s/request.cpp:112
#10 0x0000000000d92d44 in mongo::ShardedMessageHandler::process (this=0x7fff1692b920, m=..., p=0x3af5230) at src/mongo/s/server.cpp:142
#11 0x00000000012dc9dd in mongo::PortMessageServer::handleIncomingMsg (arg=0x3af5230) at src/mongo/util/net/message_server_port.cpp:229
#12 0x00007f79603a0182 in start_thread (arg=0x7f791f6fd700) at pthread_create.c:312
#13 0x00007f79600cd47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111


Version: 6c49d69bbae5d8807fc205dbca12eecf1a60258b



 Comments   
Comment by Githook User [ 16/Jul/15 ]

Author:

{u'username': u'renctan', u'name': u'Randolph Tan', u'email': u'randolph@10gen.com'}

Message: SERVER-19276 NULL pointer crash in Chunk::_getExtremeKey
Branch: master
https://github.com/mongodb/mongo/commit/0ff7d59131c1710c85718e2dd54c0c1f1bd35194

Generated at Thu Feb 08 03:50:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.