Core Server / SERVER-72001

SBE traverseP_nested frees memory incorrectly if expression is invalid

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 6.3.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • 135

      It passes an invalid tag type to the ValueGuard, which is used only if the expression fails

      https://github.com/mongodb/mongo/blob/master/src/mongo/db/exec/sbe/vm/vm.cpp#L1020

      It creates an array, but passes the tag from the input, which can be any of the following:
      https://github.com/mongodb/mongo/blob/master/src/mongo/db/exec/sbe/values/value.h#L208

       

            Assignee: Ivan Fefer (ivan.fefer@mongodb.com)
            Reporter: Ivan Fefer (ivan.fefer@mongodb.com)
            Votes: 0
            Watchers: 7

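The guard/tag mismatch described in this ticket, as an added example: this is a simplified toy model, not MongoDB's code, and every name in it (`Tag`, `Guard`, `release`, `liveArraysAfter`) is hypothetical. It assumes the failure path is a plain scope exit and models only a shallow input tag, where the mismatched guard frees nothing and the newly created array is leaked.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy model (not MongoDB code): the tag alone decides how a value is released.
enum class Tag : uint8_t { NumberInt64, Array };
using Array = std::vector<int64_t>;
static int liveArrays = 0;

uint64_t makeArray() {
    ++liveArrays;
    return reinterpret_cast<uint64_t>(new Array());
}

void release(Tag tag, uint64_t val) {
    if (tag == Tag::Array) {
        delete reinterpret_cast<Array*>(val);
        --liveArrays;
    }
    // Shallow tags such as NumberInt64 own no heap memory: nothing is freed.
}

// Scope guard: releases (tag, val) on scope exit unless reset() was called.
struct Guard {
    Tag tag;
    uint64_t val;
    bool owned = true;
    Guard(Tag t, uint64_t v) : tag(t), val(v) {}
    ~Guard() { if (owned) release(tag, val); }
    void reset() { owned = false; }
};

// Runs one traversal and returns how many arrays are still allocated afterwards.
// guardWithInputTag=true models the mismatch reported in the ticket.
int liveArraysAfter(Tag inputTag, bool exprValid, bool guardWithInputTag) {
    uint64_t arr = makeArray();  // the result created here is always an array
    {
        Guard guard(guardWithInputTag ? inputTag : Tag::Array, arr);
        if (exprValid) guard.reset();  // success: ownership leaves the guard
    }   // failure: the guard releases using whatever tag it was given
    int live = liveArrays;
    if (live > 0) release(Tag::Array, arr);  // demo cleanup with the right tag
    return live;
}

int main() {
    std::printf("input-tag guard, invalid expr: %d live\n", liveArraysAfter(Tag::NumberInt64, false, true));
    std::printf("array-tag guard, invalid expr: %d live\n", liveArraysAfter(Tag::NumberInt64, false, false));
}
```

Because the guard is reset on success, both variants behave identically for valid expressions, which is why the mismatch only surfaces when the expression fails.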