[SERVER-43205] Constructing a Value with an invalid string can trigger a verify() on debug builds Created: 06/Sep/19 Updated: 29/Oct/23 Resolved: 19/Sep/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Nicholas Zolnierz | Assignee: | Justin Seyster |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Linked BF Score: | 8 | ||||
| Description |
|
As part of the construction of Value from a string, we first create an RCString then set the generic ptr in the value storage. However if the construction of the RCString throws because the string is too large, then unrolling the ValueStorage will trip this verify since we didn't get to the point in the constructor where the refCounter bit is set. |
| Comments |
| Comment by Githook User [ 19/Sep/19 ] |
|
Author: {'username': 'jseyster', 'email': 'justin.seyster@mongodb.com', 'name': 'Justin Seyster'}Message: |
| Comment by Charlie Swanson [ 12/Sep/19 ] |
|
justin.seyster can you take a look at this for BF Friday tomorrow? nicholas.zolnierz has started to think about this a bit so may have some tips for you. |