[SERVER-57492] Side table writes insert more than just the keystring Created: 07/Jun/21  Updated: 29/Oct/23  Resolved: 17/Jun/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.4.0, 5.0.0-rc0
Fix Version/s: 4.4.7, 5.0.0-rc4, 5.1.0-rc0

Type: Bug Priority: Major - P3
Reporter: Daniel Gottlieb (Inactive) Assignee: Louis Williams
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
related to SERVER-42526 IndexBuildInterceptor should store Ke... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v5.0, v4.4
Steps To Reproduce:

diff --git a/src/mongo/db/index/index_build_interceptor.cpp b/src/mongo/db/index/index_build_interceptor.cpp
index 2e79179df2..c7656c061f 100644
--- a/src/mongo/db/index/index_build_interceptor.cpp
+++ b/src/mongo/db/index/index_build_interceptor.cpp
@@ -469,6 +469,9 @@ Status IndexBuildInterceptor::sideWrite(OperationContext* opCtx,
         builder.reset();
         keyString.serialize(builder);
         BSONBinData binData(builder.buf(), builder.getSize(), BinDataGeneral);
+        logd("DBG. SideWrite. KeyString Size: {} BinData Size: {}",
+             keyString.getSize(),
+             binData.length);
         toInsert.emplace_back(BSON("op" << (op == Op::kInsert ? "i" : "d") << "key" << binData));
     }
 

resmoke run jstests/noPassthrough/hybrid_index_with_updates.js
...
[js_test:hybrid_index_with_updates] d20020| 2021-06-07T09:50:55.731-04:00 I  -        [conn1] DBG. SideWrite. KeyString Size: 6 BinData Size: 512

Sprint: Execution Team 2021-06-28
Participants:

 Description   

Writes to the side table re-use a BufBuilder to write keystrings to the hybrid index build side-table.

It seems the BinData value in the side-write gets the a length derived from the capacity of the builders buffer instead of the length. This results in (at best) wasteful resource usage (for example writing out 512 bytes for 5 byte keystrings) and (at worst) a correctness problem due to undefined behavior.



 Comments   
Comment by Vivian Ge (Inactive) [ 06/Oct/21 ]

Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you!

Comment by Githook User [ 29/Jun/21 ]

Author:

{'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}

Message: SERVER-57492 Side-write table should not write more than KeyString

This fixes a bug where extra data in the form of uninitialized memory was being
written to the index builds side writes table. This memory is never observed
and only takes up space in the table.

This commit also renames BufBuilder::getSize() to capacity() to conform
to the STL convention and to prevent similar bugs in the future.

(cherry picked from commit ba81849df916f6c417585c6cd51e6508be5001fe)
(cherry picked from commit baa350cb285592702833f4f51ecc7ffbb5982080)
Branch: v4.4
https://github.com/mongodb/mongo/commit/17158bd640654e34c376e99ff30cd27d35c53847

Comment by Githook User [ 23/Jun/21 ]

Author:

{'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}

Message: SERVER-57492 Side-write table should not write more than KeyString

This fixes a bug where extra data in the form of uninitialized memory was being
written to the index builds side writes table. This memory is never observed
and only takes up space in the table.

This commit also renames BufBuilder::getSize() to capacity() to conform
to the STL convention and to prevent similar bugs in the future.

(cherry picked from commit ba81849df916f6c417585c6cd51e6508be5001fe)
Branch: v5.0
https://github.com/mongodb/mongo/commit/baa350cb285592702833f4f51ecc7ffbb5982080

Comment by Githook User [ 17/Jun/21 ]

Author:

{'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}

Message: SERVER-57492 Side-write table should not write more than KeyString

This fixes a bug where extra data in the form of uninitialized memory was being
written to the index builds side writes table. This memory is never observed
and only takes up space in the table.

This commit also renames BufBuilder::getSize() to capacity() to conform
to the STL convention and to prevent similar bugs in the future.
Branch: master
https://github.com/mongodb/mongo/commit/ba81849df916f6c417585c6cd51e6508be5001fe

Generated at Thu Feb 08 05:41:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.