Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.9.0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

Execute an aggregation pipeline with $setWindowFields on an empty collection.

Show
Execute an aggregation pipeline with $setWindowFields on an empty collection.
Linked BF Score:
66
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

This line in DocumentSourceInternalSetWindowFields::doGetNext() calls the [] overload on a PartitionIterator but then calls the get() method on the resulting optional without checking if it is boost::none. The [] overload can return boost::none, however, resulting in access to uninitialized memory and potential crashes.

The simplest case I found where this happens is when there are no input documents to the $setWindowFields stage.

Assignee:: Nicholas Zolnierz
Reporter:: Justin Seyster
Participants:: Githook User, Justin Seyster, Nicholas Zolnierz
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Mar 09 2021 12:19:44 AM UTC
Updated:: Oct 29 2023 09:56:32 PM UTC
Resolved:: Mar 09 2021 11:17:42 PM UTC

Details

Description

Attachments

Activity

People

Dates