In versions 2.7.7+, certain invalid polygon coordinates can crash the server. In previous versions, users would receive a "Can't extract geo keys from object" error instead.
src/third_party/s2/s2loop.h:117: Check failed: (i) < ((2 * num_vertices_))
* frame #0: 0x00000001010d861b mongod`Vector3<double>::operator[](this=0x0000000000000018, b=2) const + 331 at vector3-inl.h:228
frame #1: 0x00000001010de3ba mongod`S2LatLng::Latitude(p=0x0000000000000018) + 26 at s2latlng.h:161
frame #2: 0x00000001010fbb87 mongod`S2LatLng::S2LatLng(this=0x000000010947db70, p=0x0000000000000018) + 39 at s2latlng.cc:32
frame #3: 0x00000001010fbcad mongod`S2LatLng::S2LatLng(this=0x000000010947db70, p=0x0000000000000018) + 29 at s2latlng.cc:35
frame #4: 0x00000001010ff318 mongod`S2LatLngRect::Contains(this=0x00000001033151e0, p=0x0000000000000018) const + 40 at s2latlngrect.cc:580
frame #5: 0x0000000101102f23 mongod`S2Loop::InitOrigin(this=0x00000001033151c0) + 67 at s2loop.cc:188
frame #6: 0x0000000101102e26 mongod`S2Loop::Init(this=0x00000001033151c0, vertices=0x000000010947e250) + 614 at s2loop.cc:104
frame #7: 0x0000000101102b52 mongod`S2Loop::S2Loop(this=0x00000001033151c0, vertices=0x000000010947e250) + 210 at s2loop.cc:79
frame #8: 0x0000000101102e7d mongod`S2Loop::S2Loop(this=0x00000001033151c0, vertices=0x000000010947e250) + 29 at s2loop.cc:80
frame #9: 0x000000010059918e mongod`mongo::parseGeoJSONPolygonCoordinates(elem=0x000000010947e4b0, out=0x0000000103314d20) + 1390 at geoparser.cpp:176
frame #10: 0x0000000100598ac1 mongod`mongo::GeoParser::parseGeoJSONPolygon(obj=0x000000010947f308, out=0x0000000103314f40) + 369 at geoparser.cpp:447
frame #11: 0x000000010058cc33 mongod`mongo::GeometryContainer::parseFromGeoJSON(this=0x000000010947f4d0, obj=0x000000010947f308) + 1251 at geometry_container.cpp:818
frame #12: 0x000000010058f7d9 mongod`mongo::GeometryContainer::parseFromStorage(this=0x000000010947f4d0, elem=0x0000000103314f30) + 713 at geometry_container.cpp:968
frame #13: 0x000000010060d66f mongod`(anonymous namespace)::S2GetKeysForElement(element=0x0000000103314f30, params=0x0000000103313540, out=0x000000010947f7b8) + 79 at expression_keys_private.cpp:92
frame #14: 0x000000010060bee8 mongod`(anonymous namespace)::getS2GeoKeys(document=0x0000000103313d00, elements=0x000000010947ff18, params=0x0000000103313540, out=0x000000010947fed8) + 776 at expression_keys_private.cpp:135
frame #15: 0x000000010060aef0 mongod`mongo::ExpressionKeysPrivate::getS2Keys(obj=0x0000000103313d00, keyPattern=0x00000001033133f0, params=0x0000000103313540, keys=0x00000001094806f0) + 1728 at expression_keys_private.cpp:471
frame #16: 0x00000001006174db mongod`mongo::S2AccessMethod::getKeys(this=0x0000000103313520, obj=0x0000000103313d00, keys=0x00000001094806f0) const + 75 at s2_access_method.cpp:107
frame #17: 0x00000001005cde5d mongod`mongo::BtreeBasedAccessMethod::insert(this=0x0000000103313520, txn=0x0000000109482750, obj=0x0000000103313d00, loc=0x0000000109480b98, options=0x0000000109480990, numInserted=0x0000000109480988) + 269 at btree_based_access_method.cpp:79
frame #18: 0x00000001002a5b1b mongod`mongo::IndexCatalog::_indexRecord(this=0x00000001033127c8, txn=0x0000000109482750, index=0x0000000103313480, obj=0x0000000103313d00, loc=0x0000000109480b98) + 171 at index_catalog.cpp:1089
frame #19: 0x00000001002a5f8d mongod`mongo::IndexCatalog::indexRecord(this=0x00000001033127c8, txn=0x0000000109482750, obj=0x0000000103313d00, loc=0x0000000109480b98) + 237 at index_catalog.cpp:1121
frame #20: 0x000000010026a181 mongod`mongo::Collection::_insertDocument(this=0x0000000103312720, txn=0x0000000109482750, docToInsert=0x0000000103313d00, enforceQuota=true) + 721 at collection.cpp:254
frame #21: 0x0000000100269da1 mongod`mongo::Collection::insertDocument(this=0x0000000103312720, txn=0x0000000109482750, docToInsert=0x0000000103313d00, enforceQuota=true) + 497 at collection.cpp:201
frame #22: 0x0000000100631721 mongod`mongo::checkAndInsert(txn=0x0000000109482750, ctx=0x00000001094812f0, ns=0x0000000103811e14, js=0x0000000103313d00) + 1569 at instance.cpp:894
frame #23: 0x000000010062e4f6 mongod`mongo::receivedInsert(txn=0x0000000109482750, m=0x0000000109482cf0, op=0x000000010500aa00) + 3142 at instance.cpp:1060
frame #24: 0x0000000100629624 mongod`mongo::assembleResponse(txn=0x0000000109482750, m=0x0000000109482cf0, dbresponse=0x00000001094826c8, remote=0x00000001094826a8, fromDBDirectClient=false) + 3844 at instance.cpp:460
frame #25: 0x000000010001d6bb mongod`mongo::MyMessageHandler::process(this=0x0000000106700a60, m=0x0000000109482cf0, port=0x0000000103403970, le=0x00000001036035d0) + 395 at db.cpp:206
frame #26: 0x0000000100f0f836 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x0000000103403970) + 2774 at message_server_port.cpp:229
frame #27: 0x0000000100f0dd64 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] decltype(__f=0x0000000103403d00, __args=0x0000000103403d08)(void*)>(fp)(std::__1::forward<mongo::(anonymous namespace)::MessagingPortWithHandler*&>(fp0))) std::__1::__invoke<void* (*&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&>(void* (*&&&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&&&) + 164 at __functional_base:413
frame #28: 0x0000000100f0dd41 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x0000000109482dd8, __f=0x0000000103403d00, __bound_args=0x0000000103403d08, (null)=__tuple_indices<0> at 0x0000000109482e18, __args=0x0000000109482dd8)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, 0ul, std::__1::tuple<> >(void* (*&)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 48 at functional:2022
frame #29: 0x0000000100f0dd11 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x0000000103403d00)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>::operator()<>() + 34 at functional:2085
frame #30: 0x0000000100f0dcef mongod`boost::detail::thread_data<std::__1::__bind<void* (this=0x0000000103403b00)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() + 47 at thread.hpp:115
frame #31: 0x0000000101028225 mongod`boost::(anonymous namespace)::thread_proxy(param=0x0000000103403b00) + 133 at thread.cpp:173
frame #32: 0x00007fff8e60b268 libsystem_pthread.dylib`_pthread_body + 131
frame #33: 0x00007fff8e60b1e5 libsystem_pthread.dylib`_pthread_start + 176
frame #34: 0x00007fff8e60941d libsystem_pthread.dylib`thread_start + 13
- is duplicated by
-
SERVER-17565 Bad MultiPolygon Crashes mongod
-
- Closed
-
- is related to
-
SERVER-14508 Better error messages from GeoJSON parsing
-
- Closed
-