[SERVER-68234] Enforce fillLockerInfo() resource type index bounds
Created: 22/Jul/22
Updated: 29/Oct/23
Resolved: 12/Sep/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.2.0-rc0

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Haley Connelly
Resolution: Fixed
Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Execution Team 2022-09-19
Participants:

 Description   

Illegal address computation

If this address is later used for bounds checking another pointer before dereferencing, an overrun may occur due to the weak guard. An illegal address is computed, which either precedes a buffer or is more than just-past its end.
/src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Checking "lockType == mongo::RESOURCE_GLOBAL" implies that "lockType" is 1 on the true branch.
/src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Assigning: "index" = "(lockType == mongo::RESOURCE_GLOBAL) ? lock.resourceId.getHashId() : (4 + lockType - 1)". The value of "index" may now be up to 2305843009213693951.
/src/mongo/db/stats/fill_locker_info.cpp:54: OVERRUN 123188 "modeForType[index]" evaluates to an address that is at byte offset 9223372036854775804 of an array of 36 bytes.



 Comments   
Comment by Githook User [ 12/Sep/22 ]

Author: Haley Connelly <haley.connelly@mongodb.com> (username: haleyConnelly)

Message: SERVER-68234 Enforce fillLockerInfo() resource type index bounds
Branch: master
https://github.com/mongodb/mongo/commit/279f89614eca39104d586f2cde048c9ec6ec25c8

Generated at Thu Feb 08 06:10:15 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.