[SERVER-5081] getMostElectable can read freed memory Created: 24/Feb/12 Updated: 11/Jul/16 Resolved: 29/Feb/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | 2.1.0 |
| Fix Version/s: | 2.0.4, 2.1.1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Eric Milkie | Assignee: | Eric Milkie |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Participants: |
| Description |
|
If you run jstests/sharding/mongos_no_replica_set_refresh.js with Memcheck, you will get this:
I actually ran into this on Windows first, then tried it with memcheck on Linux. On Windows, you get an assertion in the iterator code when you attempt to iterate over the freed memory in _electableSet – no memcheck required. |
| Comments |
| Comment by auto [ 05/Mar/12 ] |
|
Author: {u'login': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: Avoids memory reads of freed memory. |
| Comment by auto [ 29/Feb/12 ] |
|
Author: {u'login': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: Avoids memory reads of freed memory. |
| Comment by Eric Milkie [ 29/Feb/12 ] |
|
It's not a thread-safety problem; it turns out, we are erasing items in a std::set using an iterator and then attempting to increment that iterator. Erasing using an iterator invalidates that iterator, so the typical pattern is that you must do the increment before you erase. |