Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-86210

jstestfuzz can override mongo shell helpers that it later expects to work correctly

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Query Optimization
    • Fully Compatible
    • 39

      jstestfuzz can override mongo shell built-ins, but then later call those built-ins in a way that expects them to work correctly.
      For example, it can generate statements like:
      DBCommandCursor.prototype.next = MinKey;

      And then later generate statements like:
      var collectionsList = new DBCommandCursor(db, db.runCommand({
      'listCollections': 1,
      nameOnly: true,
      filter: {}
      } catch (e) {

      Because we redefined 'next' to simply return MinKey and not correctly interact with DBCommandCursor's internals, DBCommandCursor.prototype.toArray is now broken and will infinitely loop (it relies on next() advancing internal state to track traversal of elements).

      We need to either ban the fuzzer from generating such overrides/redefinitions, or find a way to make them safe and ensure that we don't rely on the original definitions for the fuzzer to run safely to completion.

            ruoxin.xu@mongodb.com Ruoxin Xu
            george.wangensteen@mongodb.com George Wangensteen
            0 Vote for this issue
            9 Start watching this issue