A PHPC test happened to use an empty command document in an error test and inadvertently caused a segfault within libmongoc when the command name is checked. The relevant bit of the backtrace is:
#0 __strcasecmp_l_avx () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164
No locals.
#1 0x00007f91620aec21 in mongoc_cmd_parts_append_opts (parts=0x7fff1cabe060, iter=0x7fff1cabdf90, max_wire_version=6, error=0x7fff1cabe540) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cmd.c:124
#2 0x00007f91620a304d in _mongoc_client_command_with_opts (client=0x20ac4f0, db_name=0x7f916ab80d88 "phongo", command=0x20aa530, mode=MONGOC_CMD_READ, opts=0x7fff1cabe440, flags=MONGOC_QUERY_NONE, default_prefs=0x20ad000, default_rc=0x20acf60, default_wc=0x20aceb0, reply=0x7fff1cabe3c0, error=0x7fff1cabe540) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-client.c:1778
The point of the exception is this line in mongoc_cmd_parts_append_opts() when checking if the command is "findAndModify". Note that a similar check happens higher up in _mongoc_client_command_with_opts() when deciding if a default write concern should be applied.
An additional point of interest may be _mongoc_cursor_run_command() when checking for a "getMore" command.
_mongoc_get_command_name() is also used to assign parts->assembled.command_name in mongoc_cmd_parts_assemble() but an error is raised for an empty command document if the name is NULL. mongoc-cursor-cursorid.c also calls _mongoc_get_command_name() to craft an error message; however, that should not be a concern as printf patterns should be able to handle NULL char * values.
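The failure mode described above, as an added, self-contained example that is not libmongoc code: a command-name lookup that returns NULL for an empty document, and a guarded comparison that rejects it before any string function sees it. The `cmd_doc_t` type, all function names and the error text are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical stand-in for a command document: an ordered list of keys.
 * The command name is the first key; an empty document has none. */
typedef struct {
    const char *const *keys;
    size_t n_keys;
} cmd_doc_t;

/* Mirrors the behaviour described above: NULL for an empty document. */
static const char *get_command_name(const cmd_doc_t *doc)
{
    return (doc && doc->n_keys > 0) ? doc->keys[0] : NULL;
}

/* NULL-safe, case-insensitive name check. Passing a NULL name straight to
 * strcasecmp() is the crash seen in frame #0 of the backtrace. */
static bool command_name_is(const char *name, const char *expected)
{
    return name != NULL && strcasecmp(name, expected) == 0;
}

typedef enum { CMD_INVALID, CMD_FIND_AND_MODIFY, CMD_GET_MORE, CMD_OTHER } cmd_kind_t;

/* Look the name up once, reject the empty document up front, and build the
 * error text without handing NULL to a %s conversion (undefined in ISO C;
 * glibc happens to print "(null)"). */
static cmd_kind_t classify_command(const cmd_doc_t *doc, char *err, size_t err_len)
{
    const char *name = get_command_name(doc);
    if (name == NULL) {
        snprintf(err, err_len, "Empty command document"); /* constructed text */
        return CMD_INVALID;
    }
    if (command_name_is(name, "findAndModify")) return CMD_FIND_AND_MODIFY;
    if (command_name_is(name, "getMore")) return CMD_GET_MORE;
    return CMD_OTHER;
}

int main(void)
{
    /* Constructed sample inputs. */
    static const char *const fam[] = { "FINDANDMODIFY", "query" };
    cmd_doc_t empty = { NULL, 0 }, doc = { fam, 2 };
    char err[64] = "";
    cmd_kind_t a = classify_command(&doc, err, sizeof err);
    cmd_kind_t b = classify_command(&empty, err, sizeof err);
    printf("%d %d (%s)\n", a, b, err);
    return 0;
}
```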
- is related to PHPC-1066 Create a method that makes sure unsupported options throw an error (Closed)