  1. Core Server
  2. SERVER-7266

Using db.eval within $where causes the server to crash

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.2.0
    • Component/s: Stability
    • None
    • ALL

      > db.venues.insert({foo:1})
      > db.venues.find({$where:"db.eval('anything')"})

      will cause the server to crash with

      Thu Oct  4 16:45:13 [conn1] can't lock_W, threadState=114
      Thu Oct  4 16:45:13 [conn1]  test.venues Fatal Assertion 16114
      0x10037637b 0x1000aeeb5 0x1005f29cc 0x10031ce47 0x1003a51d6 0x1003a5e96 0x1003a7a01 0x10008126b 0x100085399 0x1006464c9 0x1006494d6 0x10064aec9 0x100175487 0x1001ac2df 0x10063efbf 0x10043c73e 0x1005349cc 0x100536651 0x1005351c4 0x1005456b4 
       0   mongod                              0x000000010037637b _ZN5mongo15printStackTraceERSo + 43
       1   mongod                              0x00000001000aeeb5 _ZN5mongo13fassertFailedEi + 165
       2   mongod                              0x00000001005f29cc _ZN5mongo4Lock11GlobalWriteC2Ebi + 588
       3   mongod                              0x000000010031ce47 _ZN5mongo7CmdEval3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 647
       4   mongod                              0x00000001003a51d6 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRNS_14BSONObjBuilderEb + 86
       5   mongod                              0x00000001003a5e96 _ZN5mongo11execCommandEPNS_7CommandERNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 2054
       6   mongod                              0x00000001003a7a01 _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 1697
       7   mongod                              0x000000010008126b _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 59
       8   mongod                              0x0000000100085399 _ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1_ + 4345
       9   mongod                              0x00000001006464c9 _ZN5mongoL13receivedQueryERNS_6ClientERNS_10DbResponseERNS_7MessageE + 393
       10  mongod                              0x00000001006494d6 _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 950
       11  mongod                              0x000000010064aec9 _ZN5mongo14DBDirectClient4callERNS_7MessageES2_bPSs + 121
       12  mongod                              0x0000000100175487 _ZN5mongo14DBClientCursor4initEv + 167
       13  mongod                              0x00000001001ac2df _ZN5mongo12DBClientBase5queryERKSsNS_5QueryEiiPKNS_7BSONObjEii + 191
       14  mongod                              0x000000010063efbf _ZN5mongo14DBDirectClient5queryERKSsNS_5QueryEiiPKNS_7BSONObjEii + 79
       15  mongod                              0x000000010043c73e _ZN5mongo10mongo_findEP9JSContextP8JSObjectjPlS4_ + 814
       16  mongod                              0x00000001005349cc js_Invoke + 1260
       17  mongod                              0x0000000100536651 js_Interpret + 3921
       18  mongod                              0x00000001005351c4 js_Invoke + 3300
       19  mongod                              0x00000001005456b4 js_InternalInvoke + 212
      Thu Oct  4 16:45:13 [conn1] 
      
      ***aborting after fassert() failure
      
      
      Thu Oct  4 16:45:13 Got signal: 6 (Abort trap: 6).
      
      Thu Oct  4 16:45:13 Backtrace:
      0x10037637b 0x100001a6b 0x7fff928f58ea 0x104c0b790 0x7fff9294cdce 0x1000aeef0 0x1005f29cc 0x10031ce47 0x1003a51d6 0x1003a5e96 0x1003a7a01 0x10008126b 0x100085399 0x1006464c9 0x1006494d6 0x10064aec9 0x100175487 0x1001ac2df 0x10063efbf 0x10043c73e 
       0   mongod                              0x000000010037637b _ZN5mongo15printStackTraceERSo + 43
       1   mongod                              0x0000000100001a6b _ZN5mongo10abruptQuitEi + 987
       2   libsystem_c.dylib                   0x00007fff928f58ea _sigtramp + 26
       3   ???                                 0x0000000104c0b790 0x0 + 4374706064
       4   libsystem_c.dylib                   0x00007fff9294cdce abort + 143
       5   mongod                              0x00000001000aeef0 _ZN5mongo13fassertFailedEi + 224
       6   mongod                              0x00000001005f29cc _ZN5mongo4Lock11GlobalWriteC2Ebi + 588
       7   mongod                              0x000000010031ce47 _ZN5mongo7CmdEval3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 647
       8   mongod                              0x00000001003a51d6 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRNS_14BSONObjBuilderEb + 86
       9   mongod                              0x00000001003a5e96 _ZN5mongo11execCommandEPNS_7CommandERNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 2054
       10  mongod                              0x00000001003a7a01 _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 1697
       11  mongod                              0x000000010008126b _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 59
       12  mongod                              0x0000000100085399 _ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1_ + 4345
       13  mongod                              0x00000001006464c9 _ZN5mongoL13receivedQueryERNS_6ClientERNS_10DbResponseERNS_7MessageE + 393
       14  mongod                              0x00000001006494d6 _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 950
       15  mongod                              0x000000010064aec9 _ZN5mongo14DBDirectClient4callERNS_7MessageES2_bPSs + 121
       16  mongod                              0x0000000100175487 _ZN5mongo14DBClientCursor4initEv + 167
       17  mongod                              0x00000001001ac2df _ZN5mongo12DBClientBase5queryERKSsNS_5QueryEiiPKNS_7BSONObjEii + 191
       18  mongod                              0x000000010063efbf _ZN5mongo14DBDirectClient5queryERKSsNS_5QueryEiiPKNS_7BSONObjEii + 79
       19  mongod                              0x000000010043c73e _ZN5mongo10mongo_findEP9JSContextP8JSObjectjPlS4_ + 814
      

            Assignee: Unassigned
            Reporter: Sridhar Nanjundeswaran (Inactive)
            Votes: 1
            Watchers: 4

              Created:
              Updated:
              Resolved:
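
A triage sketch for the crash log quoted in this report, added here as an example and not taken from the report or from MongoDB's code. It extracts the fatal assertion code and namespace, decodes the nested-name prefix of each mangled frame, and checks whether `CmdEval::run` requested the global write lock while running beneath a JavaScript frame. The helper names `demangle` and `triage` are hypothetical, and the demangler deliberately ignores argument types.

```python
import re

# Excerpt of the mongod log quoted in this report (innermost frame first).
SAMPLE_LOG = """\
Thu Oct  4 16:45:13 [conn1] can't lock_W, threadState=114
Thu Oct  4 16:45:13 [conn1]  test.venues Fatal Assertion 16114
 1   mongod   0x00000001000aeeb5 _ZN5mongo13fassertFailedEi + 165
 2   mongod   0x00000001005f29cc _ZN5mongo4Lock11GlobalWriteC2Ebi + 588
 3   mongod   0x000000010031ce47 _ZN5mongo7CmdEval3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 647
 15  mongod   0x000000010043c73e _ZN5mongo10mongo_findEP9JSContextP8JSObjectjPlS4_ + 814
 16  mongod   0x00000001005349cc js_Invoke + 1260
"""

FASSERT = re.compile(r"\[(\w+)\]\s+(\S+) Fatal Assertion (\d+)")
FRAME = re.compile(r"^\s*\d+\s+\S+\s+0x[0-9a-f]+\s+(\S+) \+ \d+")

def demangle(sym):
    """Decode only the nested-name prefix of an Itanium C++ symbol (no argument types)."""
    if not sym.startswith("_ZN"):
        return sym                      # plain C symbols such as js_Invoke
    parts, i = [], 3
    while i < len(sym):
        if sym[i] == "L":               # internal-linkage marker
            i += 1
            continue
        m = re.match(r"\d+", sym[i:])
        if not m:
            if sym[i:i + 2] in ("C1", "C2") and parts:
                parts.append(parts[-1])  # constructor: repeat the class name
            break
        i += len(m.group())
        parts.append(sym[i:i + int(m.group())])
        i += int(m.group())
    return "::".join(parts)

def triage(log):
    """Summarise a crash log: fassert code, namespace, and whether eval ran inside JS."""
    out = {"code": None, "ns": None, "conn": None, "frames": []}
    for line in log.splitlines():
        if out["code"] is None and (m := FASSERT.search(line)):
            out["conn"], out["ns"], out["code"] = m[1], m[2], int(m[3])
        elif m := FRAME.match(line):
            out["frames"].append(demangle(m[1]))
    def first(prefix):
        return next((i for i, f in enumerate(out["frames"]) if f.startswith(prefix)), None)
    lock, ev, js = first("mongo::Lock::GlobalWrite"), first("mongo::CmdEval::run"), first("js_")
    # Global write lock requested by CmdEval::run, itself reached from a JS frame.
    out["eval_from_js"] = None not in (lock, ev, js) and lock < ev < js
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```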