[SERVER-6481] Invalid write to a deleted ClientCursor after yield recovery fails Created: 17/Jul/12  Updated: 11/Jul/16  Resolved: 17/Jul/12

Status: Closed
Project: Core Server
Component/s: Stability
Affects Version/s: None
Fix Version/s: 2.2.0-rc0

Type: Bug Priority: Major - P3
Reporter: Aaron Staple Assignee: Eliot Horowitz (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-6479 Seg fault in explain3.js Closed
is depended on by SERVER-6480 Seg fault in count8.js Closed
Operating System: ALL
Participants:

 Description   

There are a couple of places doing something like the following:

                bool res = yield( suggestYieldMicros() , rec );
                _yieldSometimesTracker.resetLastTime();
                return res;

If res if false, the 'this' pointer will have been deleted so calling _yieldSometimesTracker.resetLastTime() causes a write to invalid memory. I believe the resulting memory corruption causes SERVER-6480.



 Comments   
Comment by Aaron Staple [ 17/Jul/12 ]

@eliot - looks good
Will try to consolidate bb diagnosis reporting in future

Comment by Eliot Horowitz (Inactive) [ 17/Jul/12 ]

@aaron - can you take a quick look at commit

Comment by auto [ 17/Jul/12 ]

Author:

{u'date': u'2012-07-16T22:27:32-07:00', u'email': u'eliot@10gen.com', u'name': u'Eliot Horowitz'}

Message: SERVER-6481 SERVER-6480 SERVER-6479 - if after yield returns, we've been deleted, don't update timer
Branch: master
https://github.com/mongodb/mongo/commit/d13d99850ea083decb00bd20a56abb5c8f3a05fe

Generated at Thu Feb 08 03:11:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.