[SERVER-49997] Use after move in plan_cache_commands.cpp
Created: 29/Jul/20  Updated: 29/Oct/23  Resolved: 17/Aug/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.7.0

Type: Bug
Priority: Major - P3
Reporter: James Wahlin
Assignee: Charlie Swanson
Resolution: Fixed
Votes: 0
Labels: neweng, qopt-team, quick-tech-debt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-49800 add use-after-move rule to clang-tidy... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

Description

'nss' in the following code is moved into a QueryRequest object and then referenced again when creating an ExtensionsCallbackReal instance.

https://github.com/mongodb/mongo/blob/4b880132b11c16a4a0cba4e5c3ce77892dd01f7c/src/mongo/db/commands/plan_cache_commands.cpp#L88-L94

This has the potential to cause problems, as ExtensionsCallbackReal uses this namespace in construction of a TextMatchExpression, which then obtains db and collection locks on the namespace.
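The pattern described above, as an added C++ example that is not MongoDB code: Namespace, Request and Callback are hypothetical stand-ins for NamespaceString, QueryRequest and ExtensionsCallbackReal, and the by-value constructor parameter is an assumption. It contrasts a read through the address of a moved-from local, the const-local variant in which std::move falls back to a copy, and the owner-address pattern used in the proposed fix.

```cpp
// Stand-ins for NamespaceString, QueryRequest, ExtensionsCallbackReal (not MongoDB code).
#include <memory>
#include <string>
#include <utility>

struct Namespace {
    std::string ns;
    explicit Namespace(std::string s) : ns(std::move(s)) {}
    Namespace(const Namespace&) = default;
    // Make the moved-from state observable: the source is left empty.
    Namespace(Namespace&& o) noexcept : ns(std::move(o.ns)) { o.ns.clear(); }
};

struct Request {
    Namespace nss_;
    explicit Request(Namespace n) : nss_(std::move(n)) {}  // by-value parameter is an assumption
    const Namespace& nss() const { return nss_; }
};

struct Callback {  // keeps the raw pointer it is given
    const Namespace* nss;
    std::string target() const { return nss->ns; }
};

// Reported pattern: the local is moved into the request, then its address is used.
std::string after_move() {
    Namespace nss("db.coll");
    auto qr = std::make_unique<Request>(std::move(nss));
    Callback cb{&nss};  // points at the moved-from local
    return cb.target();
}

// Const local: std::move yields const Namespace&&, which cannot bind to the
// move constructor, so the copy constructor runs and the local stays intact.
std::string after_const_move() {
    const Namespace nss("db.coll");
    auto qr = std::make_unique<Request>(std::move(nss));
    Callback cb{&nss};
    return cb.target();
}

// Pattern of the proposed fix: construct in place, point at the owned member.
std::string owner_address() {
    auto qr = std::make_unique<Request>(Namespace{"db.coll"});
    Callback cb{&qr->nss()};
    return cb.target();
}

int main() { return after_move().empty() && after_const_move() == "db.coll" ? 0 : 1; }
```

The first function is the pattern that clang-tidy's bugprone-use-after-move check is designed to report.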



Comments
Comment by Githook User [ 14/Aug/20 ]

Author: Charlie Swanson <charlie.swanson@mongodb.com> (cswanson310)

Message: SERVER-49997 Fix use after move in plan_cache_commands.cpp
Branch: master
https://github.com/mongodb/mongo/commit/233de0105830c2c35f5532f4e3c1122c174557ec

Comment by David Storch [ 31/Jul/20 ]

james.wahlin I'm going to tag this as owned by QO since you already have a proposed fix. Happy to have QE take it if you prefer.

Comment by James Wahlin [ 29/Jul/20 ]

Here is a proposal for fixing:

diff --git a/src/mongo/db/commands/plan_cache_commands.cpp
b/src/mongo/db/commands/plan_cache_commands.cpp
index 0bafc8533b..443d3ecc4d 100644
--- a/src/mongo/db/commands/plan_cache_commands.cpp
+++ b/src/mongo/db/commands/plan_cache_commands.cpp
@@ -85,13 +85,12 @@ StatusWith<std::unique_ptr<CanonicalQuery>>
canonicalize(OperationContext* opCtx
     }
 
     // Create canonical query
-    const NamespaceString nss(ns);
-    auto qr = std::make_unique<QueryRequest>(std::move(nss));
+    auto qr = std::make_unique<QueryRequest>(NamespaceString{ns});
     qr->setFilter(queryObj);
     qr->setSort(sortObj);
     qr->setProj(projObj);
     qr->setCollation(collationObj);
-    const ExtensionsCallbackReal extensionsCallback(opCtx, &nss);
+    const ExtensionsCallbackReal extensionsCallback(opCtx, &qr->nss());
     const boost::intrusive_ptr<ExpressionContext> expCtx;
     auto statusWithCQ =
         CanonicalQuery::canonicalize(opCtx,
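Review bot: On the added line "const ExtensionsCallbackReal extensionsCallback(opCtx, &qr->nss());", the callback now receives a pointer into the QueryRequest owned by qr, so the pointer's validity depends on that heap object's lifetime instead of a local's. The CanonicalQuery::canonicalize(opCtx, call is cut off in this context, so confirm whether qr is handed off in its argument list; if it is, the pointer stays valid only while the callee keeps the QueryRequest alive, and a one-line comment next to extensionsCallback stating that it must not be used after the QueryRequest is destroyed would document the dependency. It is also worth recording in the commit message that the removed local was declared const, because std::move on a const object yields a const rvalue that cannot bind to a move constructor, which affects how the old code actually behaved.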

 
