-
Type: Bug
-
Resolution: Done
-
Priority: Critical - P2
-
Affects Version/s: None
-
Component/s: Aggregation Framework
-
Labels:None
-
ALL
Observed behavior: The $substr expression implementation directly calls c++'s string::substr with numeric arguments supplied to it. If the pos argument is greater than the size of the string, string::substr will throw an out_of_range exception and the mongod process will abort.
Expected behavior: The $substr expression validates its arguments and returns an empty string or uasserts in this case.
Test:
c = db.c;
c.drop();
c.save( {} );
printjson( c.aggregate( { $project:{ a:{ $substr:[ 'a', 2, 1 ] } } } ) );
Log:
Fri Jun 22 17:32:47 [conn1] ERROR: Uncaught std::exception: basic_string::substr, terminating Fri Jun 22 17:32:47 dbexit: Fri Jun 22 17:32:47 [conn1] shutdown: going to close listening sockets... Fri Jun 22 17:32:47 [conn1] closing listening socket: 6 Fri Jun 22 17:32:47 [conn1] closing listening socket: 7 Fri Jun 22 17:32:47 [initandlisten] now exiting Fri Jun 22 17:32:47 dbexit: ; exiting immediately