[SERVER-26407] Segfault is possible in MigrationSourceManager when it calls css->getMetadata()->getCollVersion() and the collection was dropped since the migration began. Created: 30/Sep/16 Updated: 19/Nov/16 Resolved: 05/Oct/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Sharding |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.0-rc1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Dianna Hohensee (Inactive) | Assignee: | Dianna Hohensee (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Sharding 2016-10-10 |
| Participants: |
| Description |
|
The collection can be dropped if the balancer loses the distlock during the migration. Then drop can acquire the distlock and run during the migration. This line of code,
can segfault. If the collection is not sharded (say it has been dropped), CollectionShardingState::get creates a CollectionShardingState, which creates an empty MetadataManager with no active metadata. When MetadataManager::getActiveMetadata (via css->getMetadata) is called, it returns an empty ScopedCollectionMetadata object. Then when the ScopedCollectionMetadata object is dereferenced for getCollVersion, a nullptr is accessed. This might be solved by additionally checking that css->getMetadata() returns true before proceeding with getCollVersion. css->getMetadata() returns a ScopedCollectionMetadata, which has a bool operator function defined to return true if it actually has a CollectionMetadata. Should survey all of css->getMetadata usages to make use they won't segfault. Further check in other places in MigrationSourceManager that the collection has not been dropped or recreated (it would have a different epoch in the version). |
| Comments |
| Comment by Githook User [ 05/Oct/16 ] |
|
Author: {u'username': u'DiannaHohensee', u'name': u'Dianna Hohensee', u'email': u'dianna.hohensee@10gen.com'}Message: |