<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:32:23 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-76321] Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation</title>
                <link>https://jira.mongodb.org/browse/SERVER-76321</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Our current strategy for executing $group in most contexts is a hash aggregation. Namely, we maintain a hash table which maps from group key to accumulator state. In order to avoid using too much memory, when this hash table grows large enough it gets serialized to disk. This slot-based execution engine (SBE) implementation spills to an internal table managed by the storage engine using a type called &lt;tt&gt;TemporaryRecordStore&lt;/tt&gt;.&#160;The keys of this spill table are serialized to an internal format called &lt;tt&gt;KeyString&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;We have discovered a buffer overrun bug related to the deserialization of &lt;tt&gt;KeyStrings&lt;/tt&gt; to a &lt;tt&gt;MaterializedRow&lt;/tt&gt; of SBE values. This can cause queries to fail with &lt;tt&gt;tassert()&lt;/tt&gt; code 6136200. Given potential memory corruption, it could also lead to crashing with a segfault.&lt;/p&gt;

&lt;p&gt;A &lt;tt&gt;tassert()&lt;/tt&gt; error message like the following one of the possible symptoms of this bug:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;{&quot;t&quot;:{&quot;$date&quot;:&quot;2023-04-20T16:21:05.592-04:00&quot;},&quot;s&quot;:&quot;E&quot;,  &quot;c&quot;:&quot;ASSERT&quot;,   &quot;id&quot;:4457000, &quot;ctx&quot;:&quot;conn1&quot;,&quot;msg&quot;:&quot;Tripwire assertion&quot;,&quot;attr&quot;:{&quot;error&quot;:{&quot;code&quot;:6136200,&quot;codeName&quot;:&quot;Location6136200&quot;,&quot;errmsg&quot;:&quot;sbe tag must be &apos;Boolean&apos;&quot;},&quot;location&quot;:&quot;{fileName:\&quot;src/mongo/db/exec/sbe/values/value_builder.h\&quot;, line:332, functionName:\&quot;readValues\&quot;}&quot;}}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</description>
                <environment></environment>
        <key id="2319182">SERVER-76321</key>
            <summary>Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="1" iconUrl="https://jira.mongodb.org/images/icons/priorities/blocker.svg">Blocker - P1</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="david.storch@mongodb.com">David Storch</assignee>
                                    <reporter username="david.storch@mongodb.com">David Storch</reporter>
                        <labels>
                    </labels>
                <created>Wed, 19 Apr 2023 20:42:13 +0000</created>
                <updated>Wed, 24 Jan 2024 15:17:36 +0000</updated>
                            <resolved>Mon, 24 Apr 2023 19:30:32 +0000</resolved>
                                    <version>6.0.5</version>
                    <version>6.3.0-rc3</version>
                                    <fixVersion>7.1.0-rc0</fixVersion>
                    <fixVersion>6.0.6</fixVersion>
                    <fixVersion>7.0.0-rc1</fixVersion>
                    <fixVersion>6.3.2</fixVersion>
                                                        <votes>0</votes>
                                    <watches>14</watches>
                                                                                                                <comments>
                            <comment id="5375486" author="xgen-internal-githook" created="Tue, 25 Apr 2023 22:14:23 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-76321&quot; title=&quot;Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-76321&quot;&gt;&lt;del&gt;SERVER-76321&lt;/del&gt;&lt;/a&gt; Fix buffer overrun in &apos;RowValueBuilder&apos;&lt;/p&gt;

&lt;p&gt;(cherry picked from commit bae7293f42adc498fe53d9a31e8f7fae07061e0c)&lt;br/&gt;
Branch: v6.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/943e6718cd7c1dc17e8f0abea4c81678921db677&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/943e6718cd7c1dc17e8f0abea4c81678921db677&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5374997" author="xgen-internal-githook" created="Tue, 25 Apr 2023 19:39:38 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-76321&quot; title=&quot;Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-76321&quot;&gt;&lt;del&gt;SERVER-76321&lt;/del&gt;&lt;/a&gt; Fix buffer overrun in &apos;RowValueBuilder&apos;&lt;/p&gt;

&lt;p&gt;(cherry picked from commit df1428dfe4fc4fa1dc7234aedce81344ebd9b609)&lt;br/&gt;
Branch: v6.3&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/bae7293f42adc498fe53d9a31e8f7fae07061e0c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/bae7293f42adc498fe53d9a31e8f7fae07061e0c&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5372330" author="xgen-internal-githook" created="Mon, 24 Apr 2023 22:33:21 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-76321&quot; title=&quot;Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-76321&quot;&gt;&lt;del&gt;SERVER-76321&lt;/del&gt;&lt;/a&gt; Fix buffer overrun in &apos;RowValueBuilder&apos;&lt;/p&gt;

&lt;p&gt;(cherry picked from commit df1428dfe4fc4fa1dc7234aedce81344ebd9b609)&lt;br/&gt;
Branch: v7.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/1408637869487555bdeaa58245db974270ec2222&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/1408637869487555bdeaa58245db974270ec2222&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5371606" author="xgen-internal-githook" created="Mon, 24 Apr 2023 18:41:52 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-76321&quot; title=&quot;Buffer overrun while deserializing compound group key spilled to disk in SBE hash agg implementation&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-76321&quot;&gt;&lt;del&gt;SERVER-76321&lt;/del&gt;&lt;/a&gt; Fix buffer overrun in &apos;RowValueBuilder&apos;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/df1428dfe4fc4fa1dc7234aedce81344ebd9b609&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/df1428dfe4fc4fa1dc7234aedce81344ebd9b609&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5360615" author="david.storch" created="Wed, 19 Apr 2023 21:18:48 +0000"  >&lt;p&gt;I realized after some further experimentation that ObjectIds aren&apos;t actually necessary to trigger the tassert(). I&apos;m adjusting the title, repro script, and description accordingly.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2155277">SERVER-70395</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25578"><![CDATA[v7.0]]></customfieldvalue>
    <customfieldvalue key="25376"><![CDATA[v6.3]]></customfieldvalue>
    <customfieldvalue key="23470"><![CDATA[v6.0]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001sEaBPQA0]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 20 Apr 2023 20:23:47 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        41 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>karman.liu@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            41 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>david.storch@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i25hc7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1nslk:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_22250" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Special Downgrade Instructions Required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="23343"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="6998">QE 2023-05-01</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i253hj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>