[SERVER-22701] $replace modifier has UB misaligned store and is not endian safe Created: 17/Feb/16  Updated: 14/Apr/16  Resolved: 17/Mar/16

Status: Closed
Project: Core Server
Component/s: Write Ops
Affects Version/s: None
Fix Version/s: 3.3.4

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Samantha Ritter (Inactive)
Resolution: Done Votes: 0
Labels: undefined-sanitizer
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

Run modifier_object_replace_test under UBSAN

Sprint: Platforms 12 (04/01/16)
Participants:

 Description   

Running the modifier_object_replace unit test under UBSAN gives the following stack trace:

src/mongo/db/ops/modifier_object_replace.cpp:53:17: runtime error: reference binding to misaligned address 0x000002e1b7eb for type 'unsigned long long', which requires 8 byte alignment
0x000002e1b7eb: note: pointer points here
 00  11 61 00 00 00 00 00 00  00 00 00 10 72 00 01 00  00 00 10 78 00 01 00 00  00 11 62 00 00 00 00
              ^
    #0 0x6788bb in mongo::(anonymous namespace)::fixupTimestamps(mongo::BSONObj const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/ops/modifier_object_replace.cpp:52:33
    #1 0x6788bb in mongo::ModifierObjectReplace::init(mongo::BSONElement const&, mongo::ModifierInterface::Options const&, bool*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/ops/modifier_object_replace.cpp:97
    #2 0x5bff8d in (anonymous namespace)::Mod::Mod(mongo::BSONObj) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/ops/modifier_object_replace_test.cpp:68:9
    #3 0x5bee7b in (anonymous namespace)::UnitTest__Timestamp__ReplaceAll::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/ops/modifier_object_replace_test.cpp:288:9
    #4 0x6aeb68 in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:147:9
    #5 0x5bec4f in void mongo::unittest::Suite::runTestObject<(anonymous namespace)::UnitTest__Timestamp__ReplaceAll>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:405:9
    #6 0x6b02fd in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:257:9
    #7 0x6b02fd in mongo::unittest::Suite::run(std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:263
    #8 0x6b17c7 in mongo::unittest::Suite::run(std::vector<std::string, std::allocator<std::string> > const&, std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:321:27
    #9 0x6b6ee7 in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:40:12
    #10 0x7f11d9f7ea3f in __libc_start_main /build/buildd/glibc-2.21/csu/libc-start.c:289
    #11 0x5a67a8 in _start (/home/andrew/Documents/10gen/dev/src/mongodb/build/optdebug/mongo/db/ops/modifier_object_replace_test+0x5a67a8)

The offending code is this block:

https://github.com/mongodb/mongo/blob/95ca58f7396c1c4e1c5e54caa81dda875ca87b57/src/mongo/db/ops/modifier_object_replace.cpp#L44-L60

The code should be re-written in terms of the DataCursor/DataView primitives.
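
An added illustration of the two defects named in the title (not MongoDB code, and not the DataCursor/DataView API itself): the helpers `loadLE64`, `storeLE64`, `fillZeroTimestamp` and `demo` are hypothetical, and the buffer is a constructed sample shaped like the UBSAN dump above. Byte-wise little-endian access removes both the alignment requirement and the dependence on host byte order.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical helpers (not MongoDB's DataView API): byte-wise little-endian
// access has no alignment requirement and does not depend on host byte order.
std::uint64_t loadLE64(const unsigned char* p) {
    std::uint64_t v = 0;
    for (int i = 7; i >= 0; --i)
        v = (v << 8) | p[i];
    return v;
}

void storeLE64(unsigned char* p, std::uint64_t v) {
    for (int i = 0; i < 8; ++i, v >>= 8)
        p[i] = static_cast<unsigned char>(v & 0xff);
}

// The pattern UBSAN flags, kept as a comment and never executed:
//   *reinterpret_cast<unsigned long long*>(p) = v;  // misaligned, host-endian

// Assumed behaviour for illustration: overwrite a zero-valued 8-byte field.
// Returns true if the field was replaced.
bool fillZeroTimestamp(unsigned char* value, std::uint64_t replacement) {
    if (loadLE64(value) != 0)
        return false;
    storeLE64(value, replacement);
    return true;
}

// Constructed sample shaped like the dump above: type 0x11, name "a\0", then
// eight zero bytes. With the buffer 8-byte aligned, the value sits at offset 3.
bool demo(std::uint64_t replacement, unsigned char out[8]) {
    alignas(8) unsigned char elem[11] = {0x11, 'a', 0x00};
    bool changed = fillZeroTimestamp(elem + 3, replacement);
    for (int i = 0; i < 8; ++i)
        out[i] = elem[3 + i];
    return changed;
}

int main() {
    unsigned char out[8];
    demo(0x0102030405060708ULL, out);
    for (unsigned char b : out)
        std::printf("%02x ", b);
    std::printf("\n");
    return 0;
}
```

Building this with `-fsanitize=undefined` reports nothing for the offset-3 access, and the stored bytes are the same on little- and big-endian hosts.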



 Comments   
Comment by Githook User [ 17/Mar/16 ]

Author: samantharitter <samantha.ritter@10gen.com>

Message: SERVER-22701 Make replace modifier timestamp handling endian-safe
Branch: master
https://github.com/mongodb/mongo/commit/31701cb45e15c8c6cd7f89232c04893aad7565fe

Generated at Thu Feb 08 04:01:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.