The query subsystem does not correctly handle text queries against a compound text index where multiple equality predicates are given on the same text index prefix field.

For example, the query {$and:[{a:1},{a:2},{$text:{$search:"foo"}}]} will erroneously return the document {a:2,b:foo} if a query plan over an index with key pattern {a:1,b:"text"} is chosen.

Original description:

In QueryPlannerAccess::finishTextNode a vector of MatchExpression*'s called 'prefixExpr's is populated in a loop. The populated vector is intended to own all of the MatchExpressions. However, it is possible in the loop body for the same index to be written more than once. If this occurs, the object originally owned by that slot in the vector will be leaked.