[SERVER-22569] Initialization of eooElement static local variable isn't thread safe with MSVC 2013
Created: 10/Feb/16 Updated: 17/Nov/16 Resolved: 12/Feb/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying, Sharding |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.10, 3.2.4, 3.3.2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Max Hirschhorn | Assignee: | Max Hirschhorn |
| Resolution: | Done | Votes: | 0 |
| Labels: | code-only | ||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | Windows | ||||
| Sprint: | Query 10 (02/22/16) | ||||
| Linked BF Score: | 0 | ||||
| Description |
|
As part of the changes from
Due to the lack of thread-safe function local static initialization support in MSVC 2013, it's possible for the findParentEqualityElement() function to be called by multiple threads concurrently and for one of the threads to return a reference to uninitialized memory.

Analysis from the core dump attached to this ticket

Below are the values of the local variables in the checkEqualityConflicts() function. It's peculiar that parentEl isn't present in this list; however, the fact that parentPathPart == -1 indicates that the findParentEqualityElement() function returned eooElement.
Below is the assembly code corresponding to these lines of findParentEqualityElement(). The dword ptr [eooElement+10h (07F7B7D3C940h)] address is set to 1 when eooElement is being initialized and not after it has been initialized. It's then possible that another thread performs test al,1 and returns [eooElement (07F7B7D3C930h)] prior to the BSONElement value being fully initialized.
|
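A deterministic, single-threaded replay of the guard ordering described above, added here as an illustration and not taken from the MongoDB source or the fix commit. `Element` is only a stand-in for `BSONElement`, and `FlagFirstSlot`, `FlagLastSlot` and `replayRace` are hypothetical names; the callback plays the role of the second thread arriving while the first is still initializing.

```cpp
#include <atomic>
#include <functional>

// Stand-in for BSONElement (assumption): usable only once `data` is non-null.
struct Element { const char* data = nullptr; };
struct Observation { bool tookFastPath; bool sawValidData; };  // second caller's view

// Guard order the ticket describes for MSVC 2013: bit set when init starts.
struct FlagFirstSlot {
    unsigned guard = 0;
    Element value;
    const Element* fastPath() const { return (guard & 1) ? &value : nullptr; }
    const Element& get(const std::function<void()>& otherThread) {
        if (!(guard & 1)) {
            guard |= 1;       // published before the value exists
            otherThread();    // constructed interleaving point
            value.data = "";  // the initialization itself
        }
        return value;
    }
};

// Build first, publish last. Real code also serializes the slow path (e.g. std::call_once).
struct FlagLastSlot {
    std::atomic<bool> ready{false};
    Element value;
    const Element* fastPath() const { return ready.load() ? &value : nullptr; }
    const Element& get(const std::function<void()>& otherThread) {
        if (!ready.load()) {
            otherThread();
            value.data = "";
            ready.store(true);  // visible only after the value is complete
        }
        return value;
    }
};

// Deterministic replay: the callback plays the second thread, no real threads needed.
template <typename Slot>
Observation replayRace() {
    Slot slot;
    Observation seen{false, false};
    slot.get([&] {
        const Element* e = slot.fastPath();
        seen = Observation{e != nullptr, e != nullptr && e->data != nullptr};
    });
    return seen;
}

int main() { return replayRace<FlagFirstSlot>().sawValidData ? 1 : 0; }
```

With the flag set first, the second caller takes the fast path and receives an element whose `data` is still null; with the flag published last, it never sees the element before it is complete.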
| Comments |
| Comment by Githook User [ 20/Feb/16 ] |
|
Author: Max Hirschhorn (visemet) <max.hirschhorn@mongodb.com>
Message: MSVC 2013 doesn't support thread-safe initialization of function-local (cherry picked from commit 4f1cc51f3e21e4ff76c68e86ecae4e5d138de0aa) |
| Comment by Githook User [ 20/Feb/16 ] |
|
Author: Max Hirschhorn (visemet) <max.hirschhorn@mongodb.com>
Message: MSVC 2013 doesn't support thread-safe initialization of function-local (cherry picked from commit 4f1cc51f3e21e4ff76c68e86ecae4e5d138de0aa) |
| Comment by Githook User [ 12/Feb/16 ] |
|
Author: Max Hirschhorn (visemet) <max.hirschhorn@mongodb.com>
Message: MSVC 2013 doesn't support thread-safe initialization of function-local |