Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-661

Attempting to read UINT32_MAX bytes from a page while building a dictionary

    • Type: Icon: Task Task
    • Resolution: Done
    • WT1.6.5
    • Affects Version/s: None
    • Component/s: None
    • None

      Hi Keith,

      I created an automated test with the clang "address sanitizer" (LLVM's answer to valgrind), and it found this. Can you please take a look: nothing looks obviously wrong in that code to me.

      Thanks,
      Michael.

      ==22415==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fd84ab60a00 at pc 0x43b0d9 bp 0x7fffb8f4d0d0 sp 0x7fffb8f4d0a0
      READ of size 4294967238 at 0x7fd84ab60a00 thread T0
          #0 0x43b0d8 in __interceptor_memcmp (/home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/format/t+0x43b0d8)
          WT-1 0x4ee337 in __wt_cell_pack_data_match /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/include/cell.i:273
          WT-2 0x4ee337 in __rec_dictionary_lookup /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/btree/rec_write.c:4600
          WT-3 0x4ee337 in __rec_dict_replace /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/btree/rec_write.c:929
          WT-4 0x4e934f in __wt_rec_col_var_bulk_insert /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/btree/rec_write.c:2174
          WT-5 0x5a4773 in __wt_bulk_insert /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/btree/bt_bulk.c:77
          WT-6 0x59cb34 in __curbulk_insert /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/cursor/cur_bulk.c:33
          WT-7 0x44f67f in wts_load /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/format/../../../test/format/bulk.c:115
          WT-8 0x45875b in main /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/format/../../../test/format/t.c:130
          WT-9 0x3afec21a04 in __libc_start_main (/lib64/libc.so.6+0x3afec21a04)
          WT-10 0x44ccbc (/home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/format/t+0x44ccbc)
      0x7fd84ab60a00 is located 0 bytes to the right of 131584-byte region [0x7fd84ab40800,0x7fd84ab60a00)
      allocated by thread T0 here:
          #0 0x43eebc in __interceptor_posix_memalign (/home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/format/t+0x43eebc)
          WT-1 0x475962 in __wt_realloc_aligned /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/os_posix/os_alloc.c:139
          WT-2 0x499ee1 in __wt_buf_grow /home/jenkins/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/support/scratch.c:67
      

            Assignee:
            keith.bostic@mongodb.com Keith Bostic (Inactive)
            Reporter:
            michael.cahill@mongodb.com Michael Cahill (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: