Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.6.0-rc3
Affects Version/s: None
Component/s: Aggregation Framework
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Query 2017-11-13

On a sharded cluster, when conditionally constructing the boost::optional return value for $changeStream post-update lookup in cases where no matching document is found, a segfault can occur due to passing a null BSONObj reference to the Document constructor.

  thread #27, stop reason = signal SIGSTOP
    frame #0: 0x0000000107cfcdcc mongos`mongo::BSONObj::objdata(this=0x0000000000000000) const at bsonobj.h:363
    frame #1: 0x0000000107cfcd73 mongos`mongo::BSONObj::objsize(this=0x0000000000000000) const at bsonobj.h:368
    frame #2: 0x0000000107d99121 mongos`mongo::BSONObjIterator::BSONObjIterator(this=0x00007000045a6fb8, jso=0x0000000000000000) at bsonobj.h:600
    frame #3: 0x0000000107d8a1cd mongos`mongo::BSONObjIterator::BSONObjIterator(this=0x00007000045a6fb8, jso=0x0000000000000000) at bsonobj.h:599
    frame #4: 0x0000000109478e01 mongos`mongo::BSONObj::nFields(this=0x0000000000000000) const at bsonobj.cpp:582
    frame #5: 0x00000001091147d7 mongos`mongo::Document::Document(this=0x00007000045a7418, bson=0x0000000000000000) at document.cpp:226
    frame #6: 0x00000001091149dd mongos`mongo::Document::Document(this=0x00007000045a7418, bson=0x0000000000000000) at document.cpp:225
    frame #7: 0x0000000107ed0b07 mongos`mongo::(anonymous namespace)::MongosProcessInterface::lookupSingleDocument(this=0x00007ff957c1e268, expCtx=0x00007000045a7958, filter=0x00007000045a7988) at pipeline_s.cpp:244
    frame #8: 0x00000001084030d6 mongos`mongo::DocumentSourceLookupChangePostImage::lookupPostImage(this=0x00007ff957c1d150, updateOp=0x00007000045a7ae0) const at document_source_lookup_change_post_image.cpp:111
    frame #9: 0x0000000108402b5a mongos`mongo::DocumentSourceLookupChangePostImage::getNext(this=0x00007ff957c1d150) at document_source_lookup_change_post_image.cpp:75
    frame #10: 0x0000000108427133 mongos`mongo::Pipeline::getNext(this=0x00007ff957c18200) at pipeline.cpp:541
    frame #11: 0x0000000107f67b23 mongos`mongo::RouterStagePipeline::next(this=0x00007ff957c1dfe0, execContext=kGetMoreNoResultsYet) at router_stage_pipeline.cpp:61
    frame #12: 0x0000000107f4f91e mongos`mongo::ClusterClientCursorImpl::next(this=0x00007ff957c200b0, execContext=kGetMoreNoResultsYet) at cluster_client_cursor_impl.cpp:93
    frame #13: 0x0000000108303a3d mongos`mongo::ClusterCursorManager::PinnedCursor::next(this=0x00007000045a8700, execContext=kGetMoreNoResultsYet) at cluster_cursor_manager.cpp:119
    frame #14: 0x0000000107f38153 mongos`mongo::ClusterFind::runGetMore(opCtx=0x00007ff957d1a390, request=0x00007000045a8898) at cluster_find.cpp:463
    frame #15: 0x0000000107e5842e mongos`mongo::(anonymous namespace)::ClusterGetMoreCmd::run(this=0x0000000109fefbe8, opCtx=0x00007ff957d1a390, dbname="test", cmdObj=0x00007000045a9d60, result=0x00007000045a9e98) at cluster_getmore_cmd.cpp:107
    frame #16: 0x00000001086eee66 mongos`mongo::BasicCommand::enhancedRun(this=0x0000000109fefbe8, opCtx=0x00007ff957d1a390, request=0x00007000045a9d60, result=0x00007000045a9e98) at commands.cpp:416
    frame #17: 0x00000001086eca61 mongos`mongo::Command::publicRun(this=0x0000000109fefbe8, opCtx=0x00007ff957d1a390, request=0x00007000045a9d60, result=0x00007000045a9e98) at commands.cpp:354
    frame #18: 0x0000000107edcf10 mongos`mongo::(anonymous namespace)::execCommandClient(opCtx=0x00007ff957d1a390, c=0x0000000109fefbe8, request=0x00007000045a9d60, result=0x00007000045a9e98) at strategy.cpp:214
    frame #19: 0x0000000107ed92f6 mongos`mongo::(anonymous namespace)::runCommand(opCtx=0x00007ff957d1a390, request=0x00007000045a9d60, builder=0x00007000045a9e98) at strategy.cpp:260
    frame #20: 0x0000000107ed5ed4 mongos`mongo::Strategy::clientCommand(this=0x00007000045aa260)::$_0::operator()() const at strategy.cpp:418
    frame #21: 0x0000000107ed4d21 mongos`mongo::Strategy::clientCommand(opCtx=0x00007ff957d1a390, m=0x00007ff957d17ea8) at strategy.cpp:396
    frame #22: 0x0000000107d2a421 mongos`mongo::ServiceEntryPointMongos::handleRequest(this=0x00007ff958a00cd0, opCtx=0x00007ff957d1a390, message=0x00007ff957d17ea8) at service_entry_point_mongos.cpp:92
    frame #23: 0x0000000107d49c47 mongos`mongo::ServiceStateMachine::_processMessage(this=0x00007ff957d17e00, guard=0x00007000045ab098) at service_state_machine.cpp:307
    frame #24: 0x0000000107d48fa0 mongos`mongo::ServiceStateMachine::_runNextInGuard(this=0x00007ff957d17e00, guard=0x00007000045ab098) at service_state_machine.cpp:401
    frame #25: 0x0000000107d49846 mongos`mongo::ServiceStateMachine::runNext(this=0x00007ff957d17e00) at service_state_machine.cpp:365
    frame #26: 0x0000000107d58458 mongos`mongo::ServiceStateMachine::scheduleNext(this=0x00007000045ab408)::$_4::operator()() const at service_state_machine.cpp:429

is depended on by

SERVER-31394 Create passthroughs of existing changeStream tests to run against sharded collections

Closed

Assignee:: Bernard Gorman

Reporter:: Bernard Gorman

Participants:: Bernard Gorman, Githook User

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Nov 02 2017 03:24:03 PM UTC

Updated:: Oct 30 2023 11:10:49 PM UTC

Resolved:: Nov 06 2017 05:48:24 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates