Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Minor - P4
Fix Version/s: 3.1.7
Affects Version/s: 3.1.6
Component/s: Shell
Labels:
- dnsf

Backwards Compatibility:
Minor Change
Operating System:
ALL

In types.js there are a multiple helper functions added to Array that do not properly check that the array argument being passed to them is actually an array. This can lead to a stall in the shell if an object with property length set to a large number (or Infinity) is passed as an argument to one of these functions.

Affected functions:

Array.contains
Array.unique
Array.shuffle
Array.tojson
Array.fetchRefs
Array.sum
Array.stdDev

This is causing issues in jstestfuzz.

is related to

SERVER-31038 DBCollection.prototype.createIndexes can stall when given object with large "length" property

Closed

Assignee:: J Delaney

Reporter:: J Delaney

Participants:: Githook User, J Delaney, Kamran K.

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jul 30 2015 07:19:12 PM UTC

Updated:: Sep 11 2017 08:30:01 PM UTC

Resolved:: Aug 03 2015 01:59:44 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates