C Driver / CDRIVER-650

Crash in mongoc_stream_check_closed

    • Type: Bug
    • Resolution: Done
    • Priority: Critical - P2
    • Fix Version/s: 1.1.7
    • Affects Version/s: 1.1.4
    • Component/s: libmongoc
    • Labels: None

      Crash with backtrace like:

      mongoc_stream_check_closed ()
      _mongoc_cluster_sendv ()
      _mongoc_cursor_next ()
      mongoc_cursor_next ()

      mongoc_stream_check_closed only checks whether "stream" is NULL in debug mode; a release-mode driver will crash if the stream passed to the function is NULL.

      Likely cause:

      • Start a cursor and complete the initial query on a primary; the cursor now has a "hint", the index of its server in the driver's array of servers
      • Shut down the primary
      • Do another operation on the cluster, forcing the driver to reconnect and change cluster state (fewer servers, different servers, a server with a cleared stream?)
      • Iterate the cursor to completion: it tries to send a getmore using its "hint", which may now be out of bounds, point to a different server, or point to a server with a NULL stream; not sure which of these three is possible
      • Segfault

      There are likely a number of ways the cursor's "hint" can be invalidated. Avoid crashes in all of them in the 1.1.x code.
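      The following is an added example written for this ticket, not libmongoc's code or the attached example-client.c. It models the data structures the description refers to (a cluster's array of servers, a cursor carrying a "hint" index into that array, a per-server stream that may be cleared) with assumed toy types and names, and shows a getmore path that validates the hint before dereferencing anything. Each of the three ways the hint can go stale (index out of bounds, a different server at that index, a NULL stream), plus a closed stream, is reported as a distinct error instead of a segfault. The scenario function builds a constructed three-member set, "shuts down" the primary and rebuilds the cluster in each of those ways.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Toy model of the 1.1.x structures the ticket describes. The type, field and
 * function names here are assumptions for illustration, not libmongoc's own. */
typedef struct {
    bool closed;            /* true once the server end has gone away */
} stream_t;

typedef struct {
    const char *host;       /* "host:port" identity of the server */
    stream_t   *stream;     /* NULL once the driver has cleared the connection */
} node_t;

typedef struct {
    node_t nodes[4];
    size_t nodes_len;       /* can shrink when the cluster is rebuilt */
} cluster_t;

typedef struct {
    size_t      hint;       /* index into cluster->nodes when the query ran */
    const char *host;       /* server that answered the initial query */
} cursor_t;

typedef enum {
    GETMORE_OK = 0,
    GETMORE_ERR_HINT_OUT_OF_BOUNDS,
    GETMORE_ERR_SERVER_CHANGED,
    GETMORE_ERR_NO_STREAM,
    GETMORE_ERR_STREAM_CLOSED
} getmore_status_t;

/* The unchecked path the backtrace shows: trust the hint, dereference the stream.
 * Deliberately never called below; it is the "before" of the fix. */
bool cursor_getmore_unchecked(const cursor_t *c, const cluster_t *cl)
{
    const node_t *n = &cl->nodes[c->hint];  /* may index past nodes_len */
    return !n->stream->closed;              /* NULL dereference if the stream was cleared */
}

/* Validate the hint before touching a server. Each way the ticket lists for the
 * hint to go stale maps to a distinct error instead of a segfault. */
getmore_status_t cursor_validate_hint(const cursor_t *c, const cluster_t *cl)
{
    if (c->hint >= cl->nodes_len) {
        return GETMORE_ERR_HINT_OUT_OF_BOUNDS;
    }
    const node_t *n = &cl->nodes[c->hint];
    /* A rebuilt array can put a different server at the same index. */
    if (strcmp(c->host, n->host) != 0) {
        return GETMORE_ERR_SERVER_CHANGED;
    }
    /* The NULL check that release mode skipped in mongoc_stream_check_closed. */
    if (n->stream == NULL) {
        return GETMORE_ERR_NO_STREAM;
    }
    if (n->stream->closed) {
        return GETMORE_ERR_STREAM_CLOSED;
    }
    return GETMORE_OK;
}

/* Constructed scenario: a three-member set with the primary at index 2. The
 * cursor runs its initial query on the primary, the primary is shut down, and
 * the cluster is rebuilt. `mode` selects which outcome the rebuild produces:
 * 0 fewer servers, 1 a different server at the hint, 2 the stream cleared,
 * 3 the stream still attached but closed. Any other mode leaves the cluster intact. */
getmore_status_t scenario_primary_shutdown(int mode)
{
    stream_t s_a = { false }, s_b = { false }, s_c = { false }, s_primary = { false };
    cluster_t cl = {
        .nodes = { { "a:27017", &s_a }, { "b:27017", &s_b }, { "primary:27017", &s_primary } },
        .nodes_len = 3,
    };
    cursor_t cur = { .hint = 2, .host = "primary:27017" };

    switch (mode) {
    case 0:                                 /* primary dropped from the array */
        cl.nodes_len = 2;
        break;
    case 1:                                 /* a new member now sits at index 2 */
        cl.nodes[2].host   = "c:27017";
        cl.nodes[2].stream = &s_c;
        break;
    case 2:                                 /* same server, connection cleared */
        cl.nodes[2].stream = NULL;
        break;
    case 3:                                 /* same server, socket closed */
        s_primary.closed = true;
        break;
    default:                                /* no shutdown: hint still valid */
        break;
    }
    return cursor_validate_hint(&cur, &cl);
}
```

      The point of checking the host identity as well as the bound is that a shrunk or reordered array can leave the hint in range but pointing at a different server, which is silent rather than a crash; returning an error lets the caller surface a cursor failure instead of sending a getmore to the wrong node.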

      Good news - this is all completely re-architected and corrected in 1.2, but 1.2 won't be released until EOQ at the earliest.

      Attachments:
        1. CDRIVER-650-2.py (0.7 kB)
        2. example-client.c (2 kB)

            Assignee: A. Jesse Jiryu Davis (jesse@mongodb.com)
            Reporter: A. Jesse Jiryu Davis (jesse@mongodb.com)
            Votes: 0
            Watchers: 1
