Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20375

Crash when calling objects with manipulated __proto__

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.1.9
    • Affects Version/s: 3.1.7
    • Component/s: JavaScript
    • Fully Compatible
    • ALL
    • Platform 9 (09/18/15)

      It is possible to get and set arbitrary C++ pointers in private fields on JS objects. It is possible to create an object which appears to be a type which had a field set, but wasn't created as such. Using functions on it which access these fields can result in a crash.

        1. SERVER-20375.js
          1 kB

            Assignee:
            mira.carey@mongodb.com Mira Carey
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: