[SERVER-6856] potential out of bounds read in prefetchRecordPages()
Created: 25/Aug/12
Updated: 11/Jul/16
Resolved: 27/Aug/12

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 2.2.1, 2.3.0

Type: Bug
Priority: Major - P3
Reporter: Aaron Staple
Assignee: Eric Milkie
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

It looks like prefetchRecordPages() can read one byte past the end of a matching document:

                    // hit the last page, in case we missed it above
                    _dummy_char += *(result.objdata() + result.objsize());

I think one byte past the end of a document might not be in mapped memory, since I don't think the file, extent, or record structures have footers.



 Comments   
Comment by auto [ 12/Sep/12 ]

Author: Eric Milkie <milkie@10gen.com>
Date: 2012-08-27T10:52:55-07:00

Message: SERVER-6856 do not read past the end of a record
Branch: v2.2
https://github.com/mongodb/mongo/commit/44634c4ad56652d4d66e64f9170a6d699bad9253

Comment by Eric Milkie [ 27/Aug/12 ]

Not only are we reading past the end of a record, we might be paging in the wrong page. Thanks for spotting this.
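
The off-by-one discussed in this ticket, shown as an added example that is not part of the ticket or of the MongoDB source: when a document ends exactly on a page boundary, `data + size` is on the following page, which may lie outside the mapping, while `data + size - 1` is the document's real last byte. `struct doc`, `PAGE`, the helper names and the 100-byte layout are assumptions made for the illustration, and the `- 1` form is this example's choice rather than a quotation of the linked commits.

```c
#include <stddef.h>
#include <string.h>

#define PAGE 4096u  /* assumed page size for the demonstration */

/* Hypothetical stand-in for a stored document: start pointer plus byte length. */
struct doc { const char *data; size_t size; };

/* Address the ticket's line dereferences: objdata() + objsize(). */
static const char *one_past_end(struct doc d) { return d.data + d.size; }

/* Address of the final byte that belongs to the document. */
static const char *last_byte(struct doc d) { return d.data + d.size - 1; }

/* Page index of p, counted from the start of the mapping at base. */
static size_t page_of(const char *base, const char *p) {
    return (size_t)(p - base) / PAGE;
}

/* 1 if p lies inside the mapped range [base, base + mapped_len). */
static int is_mapped(const char *base, size_t mapped_len, const char *p) {
    return p >= base && (size_t)(p - base) < mapped_len;
}

/* Touch one byte per PAGE stride, then the last byte; every read is in bounds. */
static char touch_pages(struct doc d) {
    char sum = 0;
    for (size_t off = 0; off < d.size; off += PAGE) sum += d.data[off];
    if (d.size > 0) sum += *last_byte(d);
    return sum;
}

/* Constructed layout: one "mapped" page with a 100-byte document flush against
 * its end. The backing array is two pages so pointer arithmetic stays defined. */
static char region[2 * PAGE];
static struct doc make_tail_doc(void) {
    struct doc d = { region + PAGE - 100, 100 };
    memset(region + PAGE - 100, 1, 100);
    return d;
}

int main(void) {
    struct doc d = make_tail_doc();
    /* last byte: page 0, mapped; one past the end: page 1, outside the mapping */
    return !(is_mapped(region, PAGE, last_byte(d))
             && !is_mapped(region, PAGE, one_past_end(d))
             && page_of(region, one_past_end(d)) == 1 && touch_pages(d) == 2);
}
```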

Comment by auto [ 27/Aug/12 ]

Author: Eric Milkie <milkie@10gen.com>
Date: 2012-08-27T10:52:55-07:00

Message: SERVER-6856 do not read past the end of a record
Branch: master
https://github.com/mongodb/mongo/commit/9b6f04532b2c69f1a2932ce16aac9f49d0af3891
