[SERVER-74238] IDL Compiler Can Generate Use-After-Move When Generating Struct Initializer Lists Created: 21/Feb/23  Updated: 29/Oct/23  Resolved: 03/Aug/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0

Type: Bug Priority: Major - P3
Reporter: George Wangensteen Assignee: George Wangensteen
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-73889 Coverity analysis defect 135067: Usin... Closed
is duplicated by SERVER-75669 Improve generation of initializer var... Closed
Assigned Teams:
Service Arch
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Service Arch 2023-08-07
Participants:

 Description   

Commands with namespace-string or namespace-string-or-UUID arguments can be described in IDL. The IDL compiler will then generate C++ code for these commands (a special type of IDL-struct) that allows them to be parsed and serialized from BSON, as well as constructed. The constructors generated for these sorts of commands accept NamespaceString or NamespaceStringOrUUID arguments, respectively, which are used to initialize the appropriate members of the type. As of SERVER-69388, these arguments are used to initialize not only the NamespaceString{OrUUID} members of the type, but also other members like dbName. 

The problem is that the relevant code in the IDL compiler (https://github.com/mongodb/mongo/blob/8fe8ae436514e4e490e8571219b71339333f3ceb/buildscripts/idl/idl/generator.py#L1609-L1652) , which generates the initializer lists used in the above constructors, uses move-semantics to move the constructor args (NamespaceString{OrUUID}) into the appropriate members, which means they are unsafe to use later in the initializer list. But they are used later in the initializer list to initialize other members of the type, like dbName. 

To fix this we'll need to be smarter about how the argument is used in the initializer list, either by not moving it or by using the equivalent member instead of the argument to construct later members. 
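As an added illustration (not code from the ticket or from the MongoDB IDL compiler), the following C++ reduces the generated initializer-list shape to a minimal reproducer: a "before" constructor that moves the argument into `_nss` and then reads the argument again to build `_dbName`, next to the "after" shape the fix commit describes, which derives later members from the already-initialised data member. The `NamespaceString` here is a constructed stand-in, not MongoDB's class; because a moved-from `std::string` is only "valid but unspecified", its move constructor deliberately clears the source so the use-after-move produces a deterministic wrong value instead of behaviour that depends on the standard library and on short-string optimisation. Note also that members are initialised in declaration order, not initializer-list order, which is why `_nss` is already populated when `_dbName`'s initializer runs.

```cpp
#include <iostream>
#include <string>
#include <utility>

// Constructed stand-in for NamespaceString (not MongoDB's class). It stores
// "db.coll" and, unlike std::string whose moved-from state is unspecified,
// deliberately empties the source on move so the use-after-move is observable.
struct NamespaceString {
    std::string ns;

    explicit NamespaceString(std::string s) : ns(std::move(s)) {}
    NamespaceString(const NamespaceString&) = default;
    NamespaceString& operator=(const NamespaceString&) = default;
    NamespaceString(NamespaceString&& other) noexcept : ns(std::move(other.ns)) {
        other.ns.clear();   // deterministic moved-from state for the demo
    }
    NamespaceString& operator=(NamespaceString&& other) noexcept {
        ns = std::move(other.ns);
        other.ns.clear();
        return *this;
    }

    // Database name is everything before the first '.'.
    std::string db() const { return ns.substr(0, ns.find('.')); }
};

// "Before": the shape of initializer list the ticket describes. Members are
// initialised in declaration order (_nss, then _dbName), so by the time
// _dbName is built the constructor argument nss has already been moved from.
struct BuggyCommand {
    NamespaceString _nss;
    std::string _dbName;

    explicit BuggyCommand(NamespaceString nss)
        : _nss(std::move(nss)),   // nss is now moved-from
          _dbName(nss.db()) {}    // use-after-move: reads the hollowed-out argument
};

// "After": the fix the ticket's commit message describes. Later members are
// derived from the already-initialised data member, not the moved argument.
struct FixedCommand {
    NamespaceString _nss;
    std::string _dbName;

    explicit FixedCommand(NamespaceString nss)
        : _nss(std::move(nss)),
          _dbName(_nss.db()) {}   // _nss is valid: it received the move
};

// Helpers exposing the observable result of each constructor shape.
std::string buggyDbName(const std::string& ns) {
    return BuggyCommand(NamespaceString(ns))._dbName;
}

std::string fixedDbName(const std::string& ns) {
    return FixedCommand(NamespaceString(ns))._dbName;
}

int main() {
    std::cout << "buggy: '" << buggyDbName("test.coll") << "'\n";  // empty
    std::cout << "fixed: '" << fixedDbName("test.coll") << "'\n";  // test
    return 0;
}
```

With the real `std::string`, the buggy form may appear to work for short namespaces (small-string optimisation can leave the source intact after a move) and silently yield an empty or garbage dbName for longer ones, which is exactly the kind of defect static analysis is better at catching than tests; the duplicate SERVER-73889 records Coverity flagging this pattern, and clang-tidy's bugprone-use-after-move check reports the same idiom.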



 Comments   
Comment by Githook User [ 03/Aug/23 ]

Author:

{'name': 'George Wangensteen', 'email': 'george.wangensteen@mongodb.com', 'username': 'gewa24'}

Message: SERVER-74238 - Make IDL Generated Constructor Initializer Expressions Use Data Members Instead of Moved Constructor Args
Branch: minh.luu-no_compile_sys-perf
https://github.com/mongodb/mongo/commit/6930623c265237126c0863f02d7450372d6a8291

Comment by Githook User [ 02/Aug/23 ]

Author:

{'name': 'George Wangensteen', 'email': 'george.wangensteen@mongodb.com', 'username': 'gewa24'}

Message: SERVER-74238 - Make IDL Generated Constructor Initializer Expressions Use Data Members Instead of Moved Constructor Args
Branch: master
https://github.com/mongodb/mongo/commit/6930623c265237126c0863f02d7450372d6a8291

Generated at Thu Feb 08 06:26:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.