[SERVER-23709] ValueStorage::putString dassert accesses array out of bounds Created: 14/Apr/16 Updated: 26/Apr/16 Resolved: 15/Apr/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Aggregation Framework |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andrew Morrow (Inactive) | Assignee: | Andrew Morrow (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | undefined-sanitizer | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Steps To Reproduce: | Run the aggregation unit tests under the undefined behavior sanitizer. |
| Sprint: | Platforms 13 (04/22/16) |
| Participants: |
| Description |
|
The dassert in ValueStorage::putString, as its comment indicates, may access memory beyond the end of the shortStrStorage array. This is harmless in practice since we know that the byte following is a NUL character, but it still trips the undefined behavior sanitizer. The dassert can be re-written to stay within bounds. |
| Comments |
| Comment by Githook User [ 15/Apr/16 ] |
|
Author: {u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}Message: |