[SERVER-22705] MMAPv1 BTree buckets depend on illegal-in-C++ flexible array members Created: 17/Feb/16  Updated: 06/Dec/22  Resolved: 14/Sep/18

Status: Closed
Project: Core Server
Component/s: MMAPv1
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Backlog - Storage Execution Team
Resolution: Done Votes: 0
Labels: undefined-sanitizer
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Storage Execution
Operating System: ALL
Steps To Reproduce:

Run btree_interface_test under UBSAN

Description:

The flexible array member trick is not valid in C++; however, the MMAPv1 subsystem makes extensive use of it to define BTree buckets:

https://github.com/mongodb/mongo/blob/9299908ecce87efded5f16980824490b8933678e/src/mongo/db/storage/mmap_v1/btree/btree_ondisk.h#L177

This causes UBSAN to complain about access beyond the end of the array:

src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:254:25: runtime error: index 8145 out of bounds for type 'char [4]'
    #0 0x6ab747 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::dataAt(mongo::BtreeBucketV1*, short) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:254:12
    #1 0x6ab747 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::pushBack(mongo::BtreeBucketV1*, mongo::DiskLoc, mongo::KeyV1 const&, mongo::DiskLoc) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:412
    #2 0x6aac42 in mongo::BtreeLogic<mongo::BtreeLayoutV1>::Builder::addKey(mongo::BSONObj const&, mongo::DiskLoc const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_logic.cpp:142:10
    #3 0x69274b in mongo::(anonymous namespace)::BtreeBuilderInterfaceImpl<mongo::BtreeLayoutV1>::addKey(mongo::BSONObj const&, mongo::RecordId const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/mmap_v1/btree/btree_interface.cpp:54:16
    #4 0x709285 in mongo::UnitTest__SortedDataInterface__BuilderAddKey::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/storage/sorted_data_interface_test_bulkbuilder.cpp:55:9
    #5 0x7cb778 in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:147:9
    #6 0x70fb73 in void mongo::unittest::Suite::runTestObject<mongo::UnitTest__SortedDataInterface__BuilderAddKey>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:405:9
    #7 0x7ccf0d in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:257:9
    #8 0x7ccf0d in mongo::unittest::Suite::run(std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:263
    #9 0x7ce3d7 in mongo::unittest::Suite::run(std::vector<std::string, std::allocator<std::string> > const&, std::string const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:321:27
    #10 0x7d3957 in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:40:12
    #11 0x7f3328cb5a3f in __libc_start_main /build/buildd/glibc-2.21/csu/libc-start.c:289
    #12 0x623dd8 in _start (/home/andrew/Documents/10gen/dev/src/mongodb/build/optdebug/mongo/db/storage/mmap_v1/btree_interface_test+0x623dd8)
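As an added illustration (not MongoDB's code; the `Bucket` layout, sizes and function names are hypothetical), the following shows the trailing-`char[4]` pattern the ticket describes, the subscript form that UBSAN's bounds check reports as an out-of-bounds index, and a conforming way to reach the same byte without ever subscripting past the declared array:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <new>

// Hypothetical bucket header modelled on the ticket's description (not
// BtreeBucketV1): a fixed header followed by a trailing char[4] that the
// code treats as an open-ended region running to the end of the bucket.
struct Bucket {
    std::uint16_t n;          // number of keys in the bucket
    std::uint16_t emptySize;  // bytes of free space
    char data[4];             // the "flexible array member" trick
};

constexpr std::size_t kBucketSize = 8192;  // assumed on-disk bucket size
constexpr std::size_t kDataBytes = kBucketSize - offsetof(Bucket, data);

// Form UBSAN flags: data[ofs] with ofs >= 4 is an out-of-bounds subscript
// on a 'char [4]' even though the bytes physically exist in the bucket.
inline char* dataAtUnsafe(Bucket* b, std::size_t ofs) {
    return &b->data[ofs];
}

// Conforming form: derive the address from the bucket's base pointer and
// the offset of `data`, and bound-check against the real bucket size.
inline char* dataAt(Bucket* b, std::size_t ofs) {
    assert(ofs < kDataBytes);
    return reinterpret_cast<char*>(b) + offsetof(Bucket, data) + ofs;
}

// Constructed stand-in for a memory-mapped bucket: zeroed heap storage.
Bucket* allocBucket() {
    void* raw = std::calloc(1, kBucketSize);
    return new (raw) Bucket{};
}

// Store a byte far past the declared array and read it back via dataAt().
char roundTrip(std::size_t ofs, char value) {
    Bucket* b = allocBucket();
    *dataAt(b, ofs) = value;
    char got = *dataAt(b, ofs);
    std::free(b);
    return got;
}

// Both forms yield the same address where the subscript is still in bounds.
bool agreeInBounds(std::size_t ofs) {
    Bucket* b = allocBucket();
    bool same = (ofs < 4) && dataAtUnsafe(b, ofs) == dataAt(b, ofs);
    std::free(b);
    return same;
}
```

Building with `-fsanitize=undefined` reports only `dataAtUnsafe` for offsets of 4 or more; `dataAt` produces the same pointer arithmetic without an array subscript, so the sanitizer has nothing to flag.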


Generated at Thu Feb 08 04:01:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.