An ASAN run of jstests/cqf/analyze/ce_sample_rate.js reveals a use-after-free with parameterization enabled.

Binding of an SBE plan uses an unowned view into the MatchExpression to populate the value of query parameters for operands of comparison expressions. In the case of creating a PlanExecutor via Bonsai, the pipeline owning the MatchExpression goes out of scope right after constructing the executor, leaving a dangling reference.

The binding should either copy the data to populate the slot or the SBE PlanExecutor constructed by Bonsai needs to extend the lifetime of the MatchExpression which the slot references.