[SERVER-36546] Buffer overflow in WTUniqueIndex cursor restore Created: 08/Aug/18  Updated: 29/Oct/23  Resolved: 13/Aug/18

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: 4.1.1
Fix Version/s: 4.1.2

Type: Bug Priority: Major - P3
Reporter: Neha Khatri Assignee: Neha Khatri
Resolution: Fixed Votes: 0
Labels: nonnyc, storage-engines
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Storage Engines 2018-08-13
Participants:
Linked BF Score: 58

Description

A unique index cursor restore could return a key shorter than the current key. In such a case, comparing the current key with the restored key could cause a buffer overflow.

The evergreen run reporting this memory leak:

https://evergreen.mongodb.com/task/mongodb_mongo_master_ubuntu1604_debug_aubsan_async_sharding_op_query_4e57f57add2ad51a1c8cafd3fa05ec50b6437797_18_08_06_05_51_51/0

Comments
Comment by Githook User [ 13/Aug/18 ]

Author:

{'username': 'nehakhatri5', 'email': 'neha.khatri@mongodb.com', 'name': 'nehakhatri5'}

Message: SERVER-36546 Be more cautious with key comparison during cursor restore.

The new format unique indexes do include the record id in their
KeyStrings. This means that restoring to the same key with a new
record id should return false so that we will skip the key with the new
record id. To enable this we compare the current key with the key
at the saved position. This comparison should be done only if the
saved key has a size greater than or equal to the key being compared.
Branch: master
https://github.com/mongodb/mongo/commit/ad1107c0daf14c4d2a457bf6fd89d41efe58e5b4
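The comparison the commit message describes, as an added illustration rather than MongoDB's own code: keys are modelled as byte strings whose trailing 8 bytes are the record id (an assumed layout, not the real KeyString encoding), and the saved key is read only when it holds at least as many bytes as the prefix being compared, which is the guard that removes the over-read.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Assumed fixed-width record id suffix for this illustration.
constexpr std::size_t kRecordIdBytes = 8;

// Constructed key: index-key bytes followed by a big-endian 8-byte record id.
std::string makeKey(const std::string& indexKey, std::uint64_t recordId) {
    std::string key = indexKey;
    for (int shift = 56; shift >= 0; shift -= 8) {
        key.push_back(static_cast<char>((recordId >> shift) & 0xff));
    }
    return key;
}

// Number of bytes that belong to the index key itself (everything before
// the record id). A key no longer than the suffix has no comparable prefix.
std::size_t prefixSize(const std::string& key) {
    return key.size() > kRecordIdBytes ? key.size() - kRecordIdBytes : 0;
}

// True when the key the cursor landed on after restore carries the same
// index key as the saved position but a different record id, i.e. the
// caller should skip it. The size check mirrors the fix: without it, a
// saved key shorter than the prefix would be read past its end by memcmp.
bool sameKeyDifferentRecordId(const std::string& savedKey,
                              const std::string& currentKey) {
    const std::size_t n = prefixSize(currentKey);
    if (n == 0 || savedKey.size() < n) {
        return false;  // too short to be the same key; never over-read savedKey
    }
    if (std::memcmp(savedKey.data(), currentKey.data(), n) != 0) {
        return false;  // a different index key altogether
    }
    // Same index key: skip only if the record id bytes actually differ.
    return savedKey.compare(n, std::string::npos,
                            currentKey, n, std::string::npos) != 0;
}
```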

Generated at Thu Feb 08 04:43:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.