Core Server / SERVER-14350

Server crash when $centerSphere has non-positive radius

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 2.6.4, 2.7.3
    • Affects Version/s: 2.6.3
    • Component/s: Querying
    • Labels: None
    • ALL
    • MongoDB Shell
      db.test.find({ coordinates: { $within: { $centerSphere: [ [ 0, 0 ], -1 ] }}})

      Issue Status as of Jul 22, 2014

      ISSUE SUMMARY
      Specifying a non-positive value (including NaN) for the radius in a $centerSphere geo query causes a fatal assertion and a crash of the server.

      USER IMPACT
      Users who don't validate the inputs of their geo queries client-side can crash the server. Like all server failures, this may lead to immediate or eventual (in the case of replica sets) unavailability of the database.

      WORKAROUNDS
      Make sure that the radius specified in $centerSphere for geo queries is a positive number.

      AFFECTED VERSIONS
      All production releases up to version 2.6.3 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      Added validation for circular regions in $near / $within.

      Original description

      Our software accidentally performed a $centerSphere query with NaN as radius, which caused mongod to crash due to an assertion failure.

      The same crash happens when a negative radius is passed.

      mongod.log
      2014-06-25T11:45:29.228+0000 [conn25] SEVERE: src/third_party/s2/s2cap.cc:36:  Check failed: (angle.radians()) >= (0)
      2014-06-25T11:45:29.229+0000 [conn25] test.test Fatal Assertion 0
      2014-06-25T11:45:29.247+0000 [conn25] test.test 0x11da801 0x117c9f9 0x115f43d 0x127ab0d 0x1284b2e 0xb3cbea 0xb474f6 0xb49d32 0xb4c0d9 0xbf1e00 0xbf08b4 0xbead3d 0xbec7ba 0xbed122 0xd178ab 0xd52c62 0xb9c972 0xb9ef52 0x76f2bf 0x1190afb
       /usr/bin/mongod(_ZN5mongo15printStackTraceERSo+0x21) [0x11da801]
       /usr/bin/mongod(_ZN5mongo10logContextEPKc+0x159) [0x117c9f9]
       /usr/bin/mongod(_ZN5mongo13fassertFailedEi+0xcd) [0x115f43d]
       /usr/bin/mongod(_ZN15LogMessageFatalD1Ev+0x1d) [0x127ab0d]
       /usr/bin/mongod(_ZN5S2Cap13FromAxisAngleERK7Vector3IdERK7S1Angle+0x7e) [0x1284b2e]
       /usr/bin/mongod(_ZN5mongo9GeoParser8parseCapERKNS_7BSONObjEPNS_10CapWithCRSE+0xc1a) [0xb3cbea]
       /usr/bin/mongod(_ZN5mongo17GeometryContainer9parseFromERKNS_7BSONObjE+0x936) [0xb474f6]
       /usr/bin/mongod(_ZN5mongo8GeoQuery16parseLegacyQueryERKNS_7BSONObjE+0x7b2) [0xb49d32]
       /usr/bin/mongod(_ZN5mongo8GeoQuery9parseFromERKNS_7BSONObjE+0x19) [0xb4c0d9]
       /usr/bin/mongod(_ZN5mongo31expressionParserGeoCallbackRealEPKciRKNS_7BSONObjE+0x1e0) [0xbf1e00]
       /usr/bin/mongod(_ZN5boost6detail8function17function_invoker3IPFN5mongo10StatusWithIPNS3_15MatchExpressionEEEPKciRKNS3_7BSONObjEES7_S9_iSC_E6invokeERNS1_15function_bufferES9_iSC_+0x14) [0xbf08b4]
       /usr/bin/mongod(_ZN5mongo21MatchExpressionParser14_parseSubFieldERKNS_7BSONObjEPKNS_18AndMatchExpressionEPKcRKNS_11BSONElementEi+0xc6d) [0xbead3d]
       /usr/bin/mongod(_ZN5mongo21MatchExpressionParser9_parseSubEPKcRKNS_7BSONObjEPNS_18AndMatchExpressionEi+0x28a) [0xbec7ba]
       /usr/bin/mongod(_ZN5mongo21MatchExpressionParser6_parseERKNS_7BSONObjEi+0x5c2) [0xbed122]
       /usr/bin/mongod(_ZN5mongo14CanonicalQuery12canonicalizeERKNS_12QueryMessageEPPS0_+0xab) [0xd178ab]
       /usr/bin/mongod(_ZN5mongo11newRunQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1_+0x572) [0xd52c62]
       /usr/bin/mongod() [0xb9c972]
       /usr/bin/mongod(_ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE+0x442) [0xb9ef52]
       /usr/bin/mongod(_ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE+0x9f) [0x76f2bf]
       /usr/bin/mongod(_ZN5mongo17PortMessageServer17handleIncomingMsgEPv+0x4fb) [0x1190afb]
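
The workaround listed under WORKAROUNDS (only send a positive radius) can be enforced in client code before a query reaches an unpatched server. The following is an added example, not code from this ticket or from MongoDB; the function names are hypothetical, and rejecting Infinity and non-array arguments is an assumption that goes beyond what the ticket states.

```javascript
// Client-side guard for $centerSphere radius values (added example, hypothetical names).

// Checks one $centerSphere argument, assumed to have the array form shown in
// the ticket: [ [ x, y ], radius ]. Returns a reason string, or null if acceptable.
function checkCenterSphere(arg) {
  if (!Array.isArray(arg) || arg.length !== 2) {
    return 'expected [ center, radius ]';
  }
  const radius = arg[1];
  // typeof NaN is 'number', so finiteness has to be tested explicitly.
  // Rejecting Infinity is an assumption; the ticket only names NaN and values <= 0.
  if (typeof radius !== 'number' || !Number.isFinite(radius)) {
    return `radius ${String(radius)} is not a finite number`;
  }
  if (radius <= 0) return `radius ${radius} is not positive`;
  return null;
}

// Walks a query document (including $and/$or arrays and nested operators such
// as $within) and returns one message per unacceptable $centerSphere clause.
function findBadCenterSphere(query, path = '') {
  const problems = [];
  if (query === null || typeof query !== 'object') return problems;
  for (const [key, value] of Object.entries(query)) {
    const here = path ? `${path}.${key}` : key;
    if (key === '$centerSphere') {
      const reason = checkCenterSphere(value);
      if (reason) problems.push(`${here}: ${reason}`);
    } else {
      problems.push(...findBadCenterSphere(value, here));
    }
  }
  return problems;
}

// Throws before the query leaves the client; returns the query unchanged if clean.
function assertSafeGeoQuery(query) {
  const problems = findBadCenterSphere(query);
  if (problems.length > 0) throw new RangeError(problems.join('; '));
  return query;
}

// The query from the ticket's reproduction steps.
const ticketQuery = { coordinates: { $within: { $centerSphere: [[0, 0], -1] } } };
console.log(findBadCenterSphere(ticketQuery));
```

Call `assertSafeGeoQuery` on any filter built from user-supplied values before passing it to the driver's `find`.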
      

            Assignee:
            greg_10gen Greg Studer
            Reporter:
            fluidsonic Marc Knaup