[SERVER-6856] potential out of bounds read in prefetchRecordPages() Created: 25/Aug/12 Updated: 11/Jul/16 Resolved: 27/Aug/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage |
| Affects Version/s: | None |
| Fix Version/s: | 2.2.1, 2.3.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Aaron Staple | Assignee: | Eric Milkie |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Participants: |
| Description |
|
It looks like prefetchRecordPages() can read one byte past the end of a matching document:
I think one byte past the end of a document might not be in mapped memory, since I don't think the file, extent, or record structures have footers. |
| Comments |
| Comment by auto [ 12/Sep/12 ] |
|
Author: {u'date': u'2012-08-27T10:52:55-07:00', u'email': u'milkie@10gen.com', u'name': u'Eric Milkie'} Message: |
| Comment by Eric Milkie [ 27/Aug/12 ] |
|
Not only are we reading past the end of a record, we might be paging in the wrong page. Thanks for spotting this. |
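The two effects reported above (a read one byte past the record, and a fault on the wrong page) can be seen in a small model of a page-touch loop. This is an added example, not MongoDB's code: the body of prefetchRecordPages() is not shown on this page, so the stride loop, the 4096-byte page size, the record layout and all function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr std::size_t kPage = 4096;  // assumed OS page size

// Offsets a page-touch loop reads: one byte per page-size stride, plus a
// final read meant to catch the last page. `lastOff` is that final offset.
static std::vector<std::size_t> strideOffsets(std::size_t len, std::size_t lastOff) {
    std::vector<std::size_t> offs;
    for (std::size_t i = 0; i < len; i += kPage) offs.push_back(i);
    offs.push_back(lastOff);
    return offs;
}

// Off-by-one form: the final read is at data + len, one past the record.
std::vector<std::size_t> touchOffsetsOffByOne(std::size_t len) {
    return strideOffsets(len, len);
}

// Bounded form: the final read is the record's last byte, data + len - 1.
std::vector<std::size_t> touchOffsetsBounded(std::size_t len) {
    if (len == 0) return {};
    return strideOffsets(len, len - 1);
}

// True if every offset is inside [0, len).
bool staysInRecord(const std::vector<std::size_t>& offs, std::size_t len) {
    for (std::size_t o : offs) if (o >= len) return false;
    return true;
}

// True if any read lands on a page beyond the one holding the last byte.
bool touchesForeignPage(std::uintptr_t base, std::size_t len,
                        const std::vector<std::size_t>& offs) {
    const std::uintptr_t lastPage = (base + len - 1) / kPage;
    for (std::size_t o : offs) if ((base + o) / kPage > lastPage) return true;
    return false;
}

int main() {
    // Constructed layout: record starts 96 bytes into a page, ends on a page boundary.
    const std::uintptr_t base = 10 * kPage + 96;
    const std::size_t len = kPage - 96;
    for (const auto& offs : {touchOffsetsOffByOne(len), touchOffsetsBounded(len)})
        std::printf("in-bounds=%d foreign-page=%d\n",
                    staysInRecord(offs, len), touchesForeignPage(base, len, offs));
}
```

When the record ends exactly on a page boundary, the off-by-one read is the first byte of the following page, which is the case where that page may not be mapped at all.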
| Comment by auto [ 27/Aug/12 ] |
|
Author: {u'date': u'2012-08-27T10:52:55-07:00', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'} Message: |