[SERVER-3633] three/four potential seg faults for non in mem yielding Created: 17/Aug/11  Updated: 11/Jul/16  Resolved: 29/Aug/11

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 2.0.0-rc1

Type: Bug Priority: Major - P3
Reporter: Aaron Staple Assignee: Eliot Horowitz (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-3711 Record::touch with entireRecord true ... Closed
Related
is related to SERVER-2563 When hitting disk, yield lock - phase 1 Closed
Operating System: ALL
Participants:

 Description   

See QA-10

For #1, right now I think we just touch the beginning of the record, not the whole thing, in all the cases where touch() gets called, but it is a latent issue. The same may be true for #2.

1) Record::touch can read one byte past the end of a record if data == end; potentially this can cause a seg fault unless we always have some padding in extents, which I haven't seen.
2) In update.cpp and clientcursor.cpp we use mmmutex to ensure a Record* doesn't get unmapped. However, this does not prevent the memory pointed at by the Record* from being changed. If the memory is changed so that the pointer no longer points to the beginning of a Record, it could interpret an invalid value as lengthWithHeaders and then read an invalid length when calling touch(), causing a seg fault.
3) In update.cpp, when we yield for an update by id, the 'nsdt' and 'd' pointers may be invalidated, causing a seg fault.
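
Added illustration (not code from the MongoDB tree or from the reporter): a small C model of issues (1) and (2). The touch walk is reproduced as an offset enumeration rather than real memory reads, so the off-by-one shows up as a return value instead of a crash; the "inclusive bound" loop is an assumed stand-in for the flawed touch, the 4096-byte stride and 16-byte header are assumed constants, and the 64-byte extent is constructed sample data. The second half shows the kind of header check a caller would want before trusting lengthWithHeaders from a Record* that survived a yield.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this example only; MongoDB's real record header
 * size and touch stride are different. */
#define PAGE_STRIDE 4096u
#define HEADER_SIZE 16u

/* Enumerate the offsets a touch loop would read, without dereferencing
 * anything, so an out-of-range read becomes a return value instead of a
 * crash. `data` and `end` are byte offsets of the payload's first byte and
 * one-past-last byte. `inclusive_end` selects the hypothetical off-by-one
 * loop (bound `p <= end`) standing in for issue (1); otherwise the checked
 * variant is used. Returns the number of reads and sets *past_end when any
 * read lands at or beyond `end`. */
static size_t plan_touch(size_t data, size_t end, int inclusive_end, int *past_end)
{
    size_t n = 0;
    *past_end = 0;
    if (inclusive_end) {
        /* Reads the byte at `end` whenever end - data is 0 or a multiple of
         * the stride; with data == end that is the only read, and it is the
         * first byte after the record. */
        for (size_t p = data; p <= end; p += PAGE_STRIDE) {
            n++;
            if (p >= end) *past_end = 1;
        }
    } else {
        if (data >= end) return 0;       /* empty payload: nothing to touch */
        for (size_t p = data; p < end; p += PAGE_STRIDE) n++;
        n++;                              /* final read at end - 1, still in bounds */
    }
    return n;
}

size_t touch_count(size_t data, size_t end, int inclusive_end)
{
    int past;
    return plan_touch(data, end, inclusive_end, &past);
}

int touch_reads_past_end(size_t data, size_t end, int inclusive_end)
{
    int past;
    plan_touch(data, end, inclusive_end, &past);
    return past;
}

/* Constructed 64-byte extent (sample data, not from any real database file):
 * a well-formed 24-byte record at offset 0 with its header stored
 * little-endian, and at offset 24 bytes that merely look like a header with
 * an absurd length. Offset 24 models issue (2): a Record* that, after the
 * memory under it was rewritten during a yield, no longer points at the
 * start of a record. */
static const uint8_t extent[64] = {
    [0] = 24, [1] = 0, [2] = 0, [3] = 0,
    [24] = 0xff, [25] = 0xff, [26] = 0xff, [27] = 0xff,
};

/* Before trusting lengthWithHeaders from a record re-derived after a yield,
 * check that the header itself and the length it claims fit in the extent. */
static int record_header_ok(const uint8_t *ext, size_t ext_len, size_t off)
{
    if (off > ext_len || ext_len - off < HEADER_SIZE) return 0;
    uint32_t len = (uint32_t)ext[off] | (uint32_t)ext[off + 1] << 8 |
                   (uint32_t)ext[off + 2] << 16 | (uint32_t)ext[off + 3] << 24;
    if (len < HEADER_SIZE) return 0;       /* cannot even hold its own header */
    if (len > ext_len - off) return 0;     /* payload would run past the extent */
    return 1;
}

int sample_record_ok(size_t off)
{
    return record_header_ok(extent, sizeof extent, off);
}

int main(void)
{
    printf("empty payload, inclusive loop: reads past end = %d\n",
           touch_reads_past_end(HEADER_SIZE, HEADER_SIZE, 1));
    printf("empty payload, checked loop:   reads past end = %d\n",
           touch_reads_past_end(HEADER_SIZE, HEADER_SIZE, 0));
    printf("header at offset 0 ok = %d, at offset 24 ok = %d\n",
           sample_record_ok(0), sample_record_ok(24));
    return 0;
}
```

The checked loop never reads at `end`, so an empty payload produces no reads at all and a payload whose size is a multiple of the stride ends on its last byte rather than the byte after it. The header check is what issue (2) and (3) both call for after a yield: re-derive the record from something stable (its offset in the extent), then validate the header before using the length it claims.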



 Comments   
Comment by auto [ 29/Aug/11 ]

Author: Eliot Horowitz (erh) <eliot@10gen.com>

Message: fix yield with disk issue in update.cpp SERVER-3633
Branch: master
https://github.com/mongodb/mongo/commit/cba958b22301f26c9f29a37a533eb9a31d7c77b8

Generated at Thu Feb 08 03:03:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.