[SERVER-63256] ASAN error in js_test:benchrun_scram: AddressSanitizer: stack-use-after-scope on address
Created: 03/Feb/22  Updated: 29/Oct/23  Resolved: 03/Feb/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.3.0

Type: Bug
Priority: Major - P3
Reporter: Adam Rayner
Assignee: Adam Rayner
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2022-02-07
Participants:
Linked BF Score: 175

 Description   

[js_test:benchrun_scram] ==228685==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f61cf8fdc40 at pc 0x559e8d9ddf26 bp 0x7f61cf8fd700 sp 0x7f61cf8fceb0
[js_test:benchrun_scram] READ of size 11 at 0x7f61cf8fdc40 thread T4 (js)

[js_test:benchrun_scram] Address 0x7f61cf8fdc40 is located in stack of thread T4 (js) at offset 800 in frame
[js_test:benchrun_scram]     #0 0x559e9340475f in mongo::DBClientBase::auth(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/client/dbclient_base.cpp:423
[js_test:benchrun_scram] 
[js_test:benchrun_scram]   This frame has 13 object(s):
[js_test:benchrun_scram]     [32, 64) 'agg.tmp.i.i'
[js_test:benchrun_scram]     [96, 216) 'user' (line 425)
[js_test:benchrun_scram]     [256, 288) 'agg.tmp'
[js_test:benchrun_scram]     [320, 352) 'agg.tmp2'
[js_test:benchrun_scram]     [384, 440) 'agg.tmp3'
[js_test:benchrun_scram]     [480, 528) 'mechResult' (line 427)
[js_test:benchrun_scram]     [560, 608) 'ref.tmp' (line 428)
[js_test:benchrun_scram]     [640, 672) 'agg.tmp7'
[js_test:benchrun_scram]     [704, 744) 'agg.tmp10'
[js_test:benchrun_scram]     [784, 816) 'ref.tmp20' (line 436) <== Memory access at offset 800 is inside this variable
[js_test:benchrun_scram]     [848, 864) 'authParams' (line 439)
[js_test:benchrun_scram]     [880, 896) 'agg.tmp51'
[js_test:benchrun_scram]     [912, 928) 'agg.tmp53'
[js_test:benchrun_scram] HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
[js_test:benchrun_scram]       (longjmp and C++ exceptions *are* supported)
[js_test:benchrun_scram] Thread T4 (js) created by T0 here:
[js_test:benchrun_scram]     #0 0x559e8d9c778d in __interceptor_pthread_create /data/mci/bf9fe9fe7099cc84c75c9ab85373ed19/toolchain-builder/tmp/build-llvm.sh-nzs/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
[js_test:benchrun_scram]     #1 0x559e94ca24b4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/data/mci/f3ec9c4407665c95a8ffc620c95f904b/src/dist-test/bin/mongo+0xb5aa4b4)
[js_test:benchrun_scram]     #2 0x559e908cb8bd in mongo::stdx::thread::thread<void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*, 0>(void (*)(mongo::mozjs::MozJSProxyScope*), mongo::mozjs::MozJSProxyScope*&&) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/stdx/thread.h:178:11
[js_test:benchrun_scram]     #3 0x559e908cb8bd in mongo::mozjs::MozJSProxyScope::MozJSProxyScope(mongo::mozjs::MozJSScriptEngine*) /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/proxyscope.cpp:54
[js_test:benchrun_scram]     #4 0x559e907a9931 in mongo::mozjs::MozJSScriptEngine::createScope() /data/mci/dc2193846c6fc8ee89bb76d50f84dc59/src/src/mongo/scripting/mozjs/engine.cpp:77:16
[js_test:benchrun_scram]     #5 0x559e8da1901b in mongo::mongo_main(int, char**) /data/mci/b5d83040faceee99dbd7631e71e51dfb/src/src/mongo/shell/mongo_main.cpp:845:77
[js_test:benchrun_scram]     #6 0x559e8da10fea in main /data/mci/58d7e0dc2cbc0924f9cdaeb88eafc3da/src/src/mongo/shell/mongo.cpp:42:22



 Comments   
Comment by Githook User [ 03/Feb/22 ]

Author: Adam Rayner <adam.rayner@gmail.com> (username: adamtron)

Message: SERVER-63256 use _sd on string literal to play nice with conditional
Branch: master
https://github.com/mongodb/mongo/commit/2f4fe5d0194a4c641d9698c0f0f30b7ac2d037a0
