[SERVER-21359] NULL pointer crash in MozJSImplScope::registerOperation Created: 09/Nov/15  Updated: 08/Jan/24  Resolved: 19/Nov/15

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 3.2.0-rc2
Fix Version/s: 3.2.0-rc4

Type: Bug Priority: Major - P3
Reporter: Kamran K. Assignee: Mira Carey
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-20941 Update JS tests that have v8-specific... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platform D (12/11/15)
Participants:

Description

(lldb) f 1
frame #1: 0x0000000108f94b60 mongo`mongo::mozjs::MozJSImplScope::registerOperation(this=0x00007f9adc800400, txn=0x0000000000000000) + 16 at implscope.cpp:139
   136 	
   137 	void MozJSImplScope::registerOperation(OperationContext* txn) {
   138 	    invariant(_opId == 0);
-> 139 	    _opId = txn->getOpID();
   140 	
   141 	    _engine->registerOperation(txn, this);
   142 	}
(lldb) p txn
(mongo::OperationContext *) $0 = 0x0000000000000000

Backtrace:

* thread #25: tid = 0x0018, 0x0000000108f94b60 mongo`mongo::mozjs::MozJSImplScope::registerOperation(mongo::OperationContext*) [inlined] mongo::OperationContext::getOpID(this=0x0000000000000000) const at operation_context.h:156, stop reason = signal SIGSTOP
  * frame #0: 0x0000000108f94b60 mongo`mongo::mozjs::MozJSImplScope::registerOperation(mongo::OperationContext*) [inlined] mongo::OperationContext::getOpID(this=0x0000000000000000) const at operation_context.h:156
    frame #1: 0x0000000108f94b60 mongo`mongo::mozjs::MozJSImplScope::registerOperation(this=0x00007f9adc800400, txn=0x0000000000000000) + 16 at implscope.cpp:139
    frame #2: 0x0000000108fbbbf9 mongo`mongo::mozjs::MozJSProxyScope::implThread(void*) [inlined] std::__1::function<void ()>::operator()() const + 393 at functional:1756
    frame #3: 0x0000000108fbbbe1 mongo`mongo::mozjs::MozJSProxyScope::implThread(arg=0x00007f9adea22f70) + 369 at proxyscope.cpp:351
    frame #4: 0x0000000108f8692c mongo`nspr::Thread::ThreadRoutine(arg=0x00007f9adea21fd0) + 28 at PosixNSPR.cpp:56
    frame #5: 0x0000000108f86f61 mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(void*) [inlined] decltype(__f=<unavailable>)(void*)>(fp)(std::__1::forward<nspr::Thread*>(fp0))) std::__1::__invoke<void* (*)(void*), nspr::Thread*>(void* (*&&)(void*), nspr::Thread*&&) + 97 at __functional_base:413
    frame #6: 0x0000000108f86f58 mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(void*) [inlined] void std::__1::__thread_execute<void* (*)(void*), nspr::Thread*, 1ul>(std::__1::tuple<void* (*)(void*), nspr::Thread*>&, std::__1::__tuple_indices<1ul>) at thread:332
    frame #7: 0x0000000108f86f58 mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(__vp=0x00007f9adea21ee0) + 88 at thread:342
    frame #8: 0x00007fff8373f05a libsystem_pthread.dylib`_pthread_body + 131
    frame #9: 0x00007fff8373efd7 libsystem_pthread.dylib`_pthread_start + 176
    frame #10: 0x00007fff8373c3ed libsystem_pthread.dylib`thread_start + 13


Version: 78d3e85ae6de50fc016433c4d161ad11b801c717



Comments
Comment by Githook User [ 30/Nov/15 ]

Author: Jason Carey (hanumantmk, jcarey@argv.me)

Message: SERVER-21359 Drop pooled scopes at end of shell _main

Bench run uses pooled scopes in the shell. We need to drop those at the
end of _main to make ASAN happy.
Branch: master
https://github.com/mongodb/mongo/commit/b76257f1921451c2c3249d18ae9c43bc35b5a09e

Comment by Githook User [ 19/Nov/15 ]

Author: Jason Carey (hanumantmk, jcarey@argv.me)

Message: SERVER-21359 let JS registerOperation take nullptr

getPooledScope takes an operationContext* that can apparently be null,
make implscope robust in that case.
Branch: master
https://github.com/mongodb/mongo/commit/c76b4ff9eb0b676dbc53ac09af9ea9a73d564a0e
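The null dereference at implscope.cpp:139 in the description and the fix described in the 19/Nov/15 commit (let registerOperation take nullptr), shown as an added C++ example that is not MongoDB's code: OperationContext, Engine and ImplScope are minimal stand-ins, and treating a null context as "nothing to register" is the assumed shape of the hardening.

```cpp
#include <cassert>
#include <unordered_set>
using OpId = unsigned int;

// Minimal stand-ins for mongo::OperationContext and the engine-side registry
// (constructed for this example, not MongoDB's real classes).
struct OperationContext {
    OpId id;
    OpId getOpID() const { return id; }
};
class Engine {
public:
    void registerOperation(OperationContext* txn) { _active.insert(txn->getOpID()); }
    void unregisterOperation(OpId id) { _active.erase(id); }
    std::size_t activeCount() const { return _active.size(); }
private:
    std::unordered_set<OpId> _active;
};

class ImplScope {
public:
    explicit ImplScope(Engine* engine) : _engine(engine) {}
    // Hardened form of the crashing function: keep the original invariant, but
    // treat a null context as "no operation to track" instead of dereferencing it.
    void registerOperation(OperationContext* txn) {
        assert(_opId == 0);          // stands in for invariant(_opId == 0)
        if (txn == nullptr) return;  // pooled scopes can arrive without a txn
        _opId = txn->getOpID();
        _engine->registerOperation(txn);
    }
    // Symmetric guard: only unregister what registerOperation actually recorded.
    void unregisterOperation() {
        if (_opId == 0) return;
        _engine->unregisterOperation(_opId);
        _opId = 0;
    }
    OpId opId() const { return _opId; }
private:
    Engine* _engine;
    OpId _opId = 0;
};

// One pooled-scope use (register, work, unregister); returns the tracked op id, 0 if no context.
OpId runWithScope(Engine& engine, OperationContext* txn) {
    ImplScope scope(&engine);
    scope.registerOperation(txn);
    OpId tracked = scope.opId();
    scope.unregisterOperation();
    return tracked;
}
```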

Generated at Thu Feb 08 03:57:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.