[SERVER-43880] renameCollection across DBs uses unowned RecordData after cursor has been yielded Created: 08/Oct/19 Updated: 29/Oct/23 Resolved: 07/Nov/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Catalog |
| Affects Version/s: | 4.2.0 |
| Fix Version/s: | 4.3.1, 4.2.2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Louis Williams | Assignee: | Eric Milkie |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Requested: |
v4.2
|
||||
| Sprint: | Execution Team 2019-11-04, Execution Team 2019-11-18 | ||||
| Participants: | |||||
| Description |
|
renameBetweenDBs calls cursor->next() and keeps track of an unowned RecordData. After it saves, commits, and restores, it attempts to insert the RecordData it was holding in a prior snapshot. This is problematic because the RecordData can point to freed or overwritten memory. |
| Comments |
| Comment by Githook User [ 25/Nov/19 ] |
|
Author: {'email': 'milkie@mongodb.com', 'name': 'Eric Milkie', 'username': 'milkie'}Message: (cherry picked from commit a811bbe9d2489c428886288651c2dbddec0d123d) |
| Comment by Githook User [ 07/Nov/19 ] |
|
Author: {'username': 'milkie', 'email': 'milkie@mongodb.com', 'name': 'Eric Milkie'}Message: |