[SERVER-15639] Text queries can return incorrect results and leak memory when multiple predicates given on same text index prefix field - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.6.6, 2.7.8
Component/s: Internal Code, Querying
Labels:

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Completed:

2.6.6

Description

The query subsystem does not correctly handle text queries against a compound text index where multiple equality predicates are given on the same text index prefix field.

For example, the query {$and:[{a:1},{a:2},{$text:{$search:"foo"}}]} will erroneously return the document {a:2,b:foo} if a query plan over an index with key pattern {a:1,b:"text"} is chosen.

Original description:

In QueryPlannerAccess::finishTextNode a vector of MatchExpression*'s called 'prefixExpr's is populated in a loop. The populated vector is intended to own all of the MatchExpressions. However, it is possible in the loop body for the same index to be written more than once. If this occurs, the object originally owned by that slot in the vector will be leaked.

Attachments

Issue Links

is related to

SERVER-16889 Query subsystem public API should use std::unique_ptr for ownership transfer

Closed

Activity

People

Assignee:: J Rassi

Reporter:: Andrew Morrow (Inactive)

Participants:: Andrew Morrow, Githook User, J Rassi

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Oct 14 2014 12:00:23 AM UTC

Updated:: Mar 11 2015 05:01:39 PM UTC

Resolved:: Oct 16 2014 03:09:16 PM UTC