summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLuke Chen <luke.chen@mongodb.com>2021-12-21 17:28:49 +1100
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-12-21 07:28:22 +0000
commitc0d3933a66dff6a71f141bf0e28ef17ca9cb9d9a (patch)
tree573a88cfbddebf446f4a51f7a2d495d0d50a91a3 /src
parenta84afb0182e86374f30e770afea467323817ca79 (diff)
downloadmongo-c0d3933a66dff6a71f141bf0e28ef17ca9cb9d9a.tar.gz
Import wiredtiger: 7772d3df457a763f31c7825b07230cf2f77e1eae from branch mongodb-5.2
ref: d88acfac3b..7772d3df45 for: 5.2.0-rc2 WT-8544 Fix clang UBSAN failure
Diffstat (limited to 'src')
-rw-r--r--src/third_party/wiredtiger/import.data2
-rw-r--r--src/third_party/wiredtiger/src/btree/bt_ret.c38
-rw-r--r--src/third_party/wiredtiger/src/config/config.c3
-rw-r--r--src/third_party/wiredtiger/src/config/config_collapse.c6
-rw-r--r--src/third_party/wiredtiger/src/include/misc.h3
-rw-r--r--src/third_party/wiredtiger/src/os_common/os_fstream.c3
-rw-r--r--src/third_party/wiredtiger/src/support/scratch.c11
7 files changed, 36 insertions, 30 deletions
diff --git a/src/third_party/wiredtiger/import.data b/src/third_party/wiredtiger/import.data
index d19ee0d69a1..04ad5112bcd 100644
--- a/src/third_party/wiredtiger/import.data
+++ b/src/third_party/wiredtiger/import.data
@@ -2,5 +2,5 @@
"vendor": "wiredtiger",
"github": "wiredtiger/wiredtiger.git",
"branch": "mongodb-5.2",
- "commit": "d88acfac3bc54cad6c2f7b27c1d932abac4a54a7"
+ "commit": "7772d3df457a763f31c7825b07230cf2f77e1eae"
}
diff --git a/src/third_party/wiredtiger/src/btree/bt_ret.c b/src/third_party/wiredtiger/src/btree/bt_ret.c
index 13fc999c2a3..b6a35e6c7bc 100644
--- a/src/third_party/wiredtiger/src/btree/bt_ret.c
+++ b/src/third_party/wiredtiger/src/btree/bt_ret.c
@@ -19,35 +19,27 @@ __key_return(WT_CURSOR_BTREE *cbt)
WT_ITEM *tmp;
WT_PAGE *page;
WT_ROW *rip;
- WT_SESSION_IMPL *session;
page = cbt->ref->page;
cursor = &cbt->iface;
- session = CUR2S(cbt);
if (page->type == WT_PAGE_ROW_LEAF) {
- rip = &page->pg_row[cbt->slot];
-
- /*
- * If the cursor references a WT_INSERT item, take its key. Else, if we have an exact match,
- * we copied the key in the search function, take it from there. If we don't have an exact
- * match, take the key from the original page.
- */
+ /* If the cursor references a WT_INSERT item, take its key. */
if (cbt->ins != NULL) {
cursor->key.data = WT_INSERT_KEY(cbt->ins);
cursor->key.size = WT_INSERT_KEY_SIZE(cbt->ins);
return (0);
}
+ /*
+ * If not in an insert list and there's an exact match, the row-store search function built
+ * the key we want to return in the cursor's temporary buffer. Swap the cursor's search-key
+ * and temporary buffers so we can return it (it's unsafe to return the temporary buffer
+ * itself because our caller might do another search in this table using the key we return,
+ * and we'd corrupt the search key during any subsequent search that used the temporary
+ * buffer).
+ */
if (cbt->compare == 0) {
- /*
- * If not in an insert list and there's an exact match, the row-store search function
- * built the key we want to return in the cursor's temporary buffer. Swap the cursor's
- * search-key and temporary buffers so we can return it (it's unsafe to return the
- * temporary buffer itself because our caller might do another search in this table
- * using the key we return, and we'd corrupt the search key during any subsequent search
- * that used the temporary buffer).
- */
tmp = cbt->row_key;
cbt->row_key = cbt->tmp;
cbt->tmp = tmp;
@@ -56,14 +48,16 @@ __key_return(WT_CURSOR_BTREE *cbt)
cursor->key.size = cbt->row_key->size;
return (0);
}
- return (__wt_row_leaf_key(session, page, rip, &cursor->key, false));
+
+ /* Otherwise, take the key from the original page. */
+ rip = &page->pg_row[cbt->slot];
+ return (__wt_row_leaf_key(CUR2S(cbt), page, rip, &cursor->key, false));
}
/*
- * WT_PAGE_COL_FIX, WT_PAGE_COL_VAR:
- * The interface cursor's record has usually been set, but that
- * isn't universally true, specifically, cursor.search_near may call
- * here without first setting the interface cursor.
+ * WT_PAGE_COL_FIX, WT_PAGE_COL_VAR: The interface cursor's record has usually been set, but
+ * that isn't universally true, specifically, cursor.search_near may call here without first
+ * setting the interface cursor.
*/
cursor->recno = cbt->recno;
return (0);
diff --git a/src/third_party/wiredtiger/src/config/config.c b/src/third_party/wiredtiger/src/config/config.c
index 3c004d06d0a..cd7c60cb356 100644
--- a/src/third_party/wiredtiger/src/config/config.c
+++ b/src/third_party/wiredtiger/src/config/config.c
@@ -28,7 +28,8 @@ __wt_config_initn(WT_SESSION_IMPL *session, WT_CONFIG *conf, const char *str, si
{
conf->session = session;
conf->orig = conf->cur = str;
- conf->end = str + len;
+ if ((conf->end = str) != NULL)
+ conf->end += len;
conf->depth = 0;
conf->top = -1;
conf->go = NULL;
diff --git a/src/third_party/wiredtiger/src/config/config_collapse.c b/src/third_party/wiredtiger/src/config/config_collapse.c
index 527d839f2ec..19879c597b1 100644
--- a/src/third_party/wiredtiger/src/config/config_collapse.c
+++ b/src/third_party/wiredtiger/src/config/config_collapse.c
@@ -32,7 +32,7 @@ __wt_config_collapse(WT_SESSION_IMPL *session, const char **cfg, char **config_r
*config_ret = NULL;
- WT_RET(__wt_scr_alloc(session, 0, &tmp));
+ WT_RET(__wt_scr_alloc(session, 1024, &tmp));
__wt_config_init(session, &cparser, cfg[0]);
while ((ret = __wt_config_next(&cparser, &k, &v)) == 0) {
@@ -112,8 +112,8 @@ __config_merge_scan(
WT_DECL_RET;
size_t len;
- WT_ERR(__wt_scr_alloc(session, 0, &kb));
- WT_ERR(__wt_scr_alloc(session, 0, &vb));
+ WT_ERR(__wt_scr_alloc(session, 1024, &kb));
+ WT_ERR(__wt_scr_alloc(session, 1024, &vb));
__wt_config_init(session, &cparser, value);
while ((ret = __wt_config_next(&cparser, &k, &v)) == 0) {
diff --git a/src/third_party/wiredtiger/src/include/misc.h b/src/third_party/wiredtiger/src/include/misc.h
index a75ac915e61..2b666d72ec9 100644
--- a/src/third_party/wiredtiger/src/include/misc.h
+++ b/src/third_party/wiredtiger/src/include/misc.h
@@ -362,7 +362,8 @@ union __wt_rand_state {
(buf)->size = 0; \
for (;;) { \
WT_ASSERT(session, (buf)->memsize >= (buf)->size); \
- __p = (char *)((uint8_t *)(buf)->mem + (buf)->size); \
+ if ((__p = (buf)->mem) != NULL) \
+ __p += (buf)->size; \
__space = (buf)->memsize - (buf)->size; \
\
/* Format into the buffer. */ \
diff --git a/src/third_party/wiredtiger/src/os_common/os_fstream.c b/src/third_party/wiredtiger/src/os_common/os_fstream.c
index af0bc03a104..bfdaa400967 100644
--- a/src/third_party/wiredtiger/src/os_common/os_fstream.c
+++ b/src/third_party/wiredtiger/src/os_common/os_fstream.c
@@ -132,7 +132,8 @@ __fstream_printf(WT_SESSION_IMPL *session, WT_FSTREAM *fstr, const char *fmt, va
for (;;) {
va_copy(ap_copy, ap);
- p = (char *)((uint8_t *)buf->mem + buf->size);
+ if ((p = buf->mem) != NULL)
+ p += buf->size;
WT_ASSERT(session, buf->memsize >= buf->size);
space = buf->memsize - buf->size;
WT_RET(__wt_vsnprintf_len_set(p, space, &len, fmt, ap_copy));
diff --git a/src/third_party/wiredtiger/src/support/scratch.c b/src/third_party/wiredtiger/src/support/scratch.c
index a6fff0b3e6c..2707cc5cd0c 100644
--- a/src/third_party/wiredtiger/src/support/scratch.c
+++ b/src/third_party/wiredtiger/src/support/scratch.c
@@ -67,7 +67,16 @@ __wt_buf_grow_worker(WT_SESSION_IMPL *session, WT_ITEM *buf, size_t size)
WT_ASSERT(session, buf->size <= buf->memsize);
memcpy(buf->mem, buf->data, buf->size);
}
- buf->data = (uint8_t *)buf->mem + offset;
+
+ /*
+ * There's an edge case where our caller initializes the item to zero bytes, for example if
+ * there's no configuration value and we're setting the item to reference it. In which case
+ * we never allocated memory and buf.mem == NULL. Handle the case explicitly to avoid
+ * sanitizer errors and let the caller continue. It's an error in the caller, but unless
+ * caller assumes buf.data points into buf.mem, there shouldn't be a subsequent failure, the
+ * item is consistent.
+ */
+ buf->data = buf->mem == NULL ? NULL : (uint8_t *)buf->mem + offset;
}
return (0);
View Lorry Controller Status