Core Server / SERVER-55054

Unchecked boost::optional usage in DocumentSourceInternalSetWindowFields

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.9.0
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Fully Compatible
    • ALL
    • Execute an aggregation pipeline with $setWindowFields on an empty collection.
    • 66

      This line in DocumentSourceInternalSetWindowFields::doGetNext() calls the [] overload on a PartitionIterator but then calls the get() method on the resulting optional without checking if it is boost::none. The [] overload can return boost::none, however, resulting in access to uninitialized memory and potential crashes.

      The simplest case I found where this happens is when there are no input documents to the $setWindowFields stage.

            Assignee: Nicholas Zolnierz (nicholas.zolnierz@mongodb.com)
            Reporter: Justin Seyster (justin.seyster@mongodb.com)