  1. Core Server
  2. SERVER-86210

jstestfuzz can override mongo shell helpers that it later expects to work correctly

Details

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • Query Optimization
    • 6

    Description

      jstestfuzz can override mongo shell built-ins, but then later call those built-ins in a way that expects them to work correctly.
      For example, it can generate statements like:
      DBCommandCursor.prototype.next = MinKey;

      And then later generate statements like:
      try {
          // toArray() repeatedly calls the (now overridden) next()
          var collectionsList = new DBCommandCursor(db, db.runCommand({
              'listCollections': 1,
              nameOnly: true,
              filter: {}
          })).toArray();
      } catch (e) {
      }

      Because we redefined 'next' to simply return MinKey and not correctly interact with DBCommandCursor's internals, DBCommandCursor.prototype.toArray is now broken and will infinitely loop (it relies on next() advancing internal state to track traversal of elements).

      We need to either ban the fuzzer from generating such overrides/redefinitions, or find a way to make them safe and ensure that we don't rely on the original definitions for the fuzzer to run safely to completion.
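
The failure mode described above, as an added example that is not part of the original ticket or the MongoDB code base: a constructed `FakeCursor` stands in for `DBCommandCursor` to show why the override stops `toArray()` from terminating, and how making the helpers non-writable before generated code runs keeps them intact. `pinHelpers`, `generatedOverride` and `run` are hypothetical names, and pinning is only one assumed way to "make them safe".

```javascript
// Constructed stand-in for a shell cursor helper; not the real DBCommandCursor.
function makeCursorClass() {
  return class FakeCursor {
    constructor(batch) { this._batch = batch; this._pos = 0; }
    hasNext() { return this._pos < this._batch.length; }
    next() { return this._batch[this._pos++]; }
    // As in the ticket, toArray() only terminates if next() advances state.
    // maxIter is a demo-only guard so the broken case fails instead of hanging.
    toArray(maxIter = 1000) {
      const out = [];
      while (this.hasNext()) {
        if (out.length >= maxIter) throw new Error("toArray did not terminate");
        out.push(this.next());
      }
      return out;
    }
  };
}

// Hypothetical harness step (an assumption, not the project's fix): make the
// listed helpers non-writable and non-configurable before generated code runs.
function pinHelpers(proto, names) {
  for (const name of names) {
    Object.defineProperty(proto, name, { writable: false, configurable: false });
  }
}

// Stands in for fuzzer output such as `DBCommandCursor.prototype.next = MinKey;`.
function generatedOverride(Cursor) {
  try {
    Cursor.prototype.next = function () { return "MinKey"; };
  } catch (e) {
    // Strict mode raises TypeError on a pinned helper; sloppy mode ignores the write.
  }
}

// Returns the toArray() result, or the error message if it failed to terminate.
function run(pin) {
  const Cursor = makeCursorClass();
  if (pin) pinHelpers(Cursor.prototype, ["next", "hasNext", "toArray"]);
  generatedOverride(Cursor);
  try {
    return new Cursor(["a", "b"]).toArray();
  } catch (e) {
    return e.message;
  }
}

console.log(run(false), run(true));
```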

          People

            backlog-query-optimization Backlog - Query Optimization
            george.wangensteen@mongodb.com George Wangensteen
            Votes: 0
            Watchers: 7
