[CDRIVER-2072] Using a filter or projection with empty field names causes a crash when destroying cursor
Created: 27/Feb/17  Updated: 28/Mar/17  Resolved: 05/Mar/17

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.5.1, 1.5.2
Fix Version/s: 1.5.5, 1.6.1

Type: Bug
Priority: Major - P3
Reporter: Derick Rethans
Assignee: Jeremy Mikola
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: 536.gdb.txt, test.c
Issue Links:
Depends
is depended on by PHPC-920 Using a projection with an empty fiel... Closed
Duplicate
is duplicated by CDRIVER-2100 SegFault in 1.6.1 when 'dispose curso... Closed

 Description   

When running a query through mongoc_collection_find_with_opts where opts is invalid (i.e. "Cannot use empty keys in 'opts'."), a subsequent mongoc_cursor_destroy crashes, even though find_with_opts' documentation says I need to destroy the cursor.

See the attached file, which I've compiled with

gcc test.c -ggdb3 -o test536 $(pkg-config --cflags --libs libmongoc-1.0)

When running it, it produces a segfault:

derick@singlemalt:/tmp/536 $ ./test536 
An error occurred: Cannot use empty keys in 'opts'.
Segmentation fault

I have also attached the backtrace.



 Comments   
Comment by A. Jesse Jiryu Davis [ 05/Mar/17 ]

r1.6: https://github.com/mongodb/mongo-c-driver/commit/aadf9bcb416e76e2771de2578bd5013f764b80d2

Comment by Githook User [ 05/Mar/17 ]

Author: Jeremy Mikola (jmikola) <jmikola@gmail.com>

Message: CDRIVER-2072: Always initialize cursor filter and opts

mongoc_cursor_destroy() always attempts to destroy these documents, which would previously crash if they were left uninitialized when an error was reported by _mongoc_cursor_new_with_opts().
Branch: r1.5
https://github.com/mongodb/mongo-c-driver/commit/e8c89c0b3bc8696092c47a0e658e5f2e9eb8beda

Comment by Githook User [ 05/Mar/17 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@emptysquare.net>

Message: Merge pull request #425 from jmikola/cdriver-2072

CDRIVER-2072: Always initialize cursor filter and opts
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/de0e30a0c8fdd109b8bb99becbb37d4bfb73395d

Comment by Githook User [ 05/Mar/17 ]

Author: Jeremy Mikola (jmikola) <jmikola@gmail.com>

Message: CDRIVER-2072: Always initialize cursor filter and opts

mongoc_cursor_destroy() always attempts to destroy these documents, which would previously crash if they were left uninitialized when an error was reported by _mongoc_cursor_new_with_opts().
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/fe277d1e3d247e80cd630a082ed29e0f0eb2a1f3

Comment by Jeremy Mikola [ 03/Mar/17 ]

https://github.com/mongodb/mongo-c-driver/pull/425

Comment by Jeremy Mikola [ 03/Mar/17 ]

Verified that this is also an issue when the filter document contains empty field names.
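
The failure mode named in the commit messages above, modelled as an added example; this is not code from libmongoc or from the linked commits. `doc_t`, `cursor_t`, `cursor_new` and `cursor_destroy` are hypothetical stand-ins for the driver's types and functions, the 0xAA fill models uninitialized heap memory, and the error text is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for bson_t: a document that owns heap memory. */
typedef struct { char *data; } doc_t;
static void doc_init(doc_t *d) { d->data = NULL; }
static void doc_destroy(doc_t *d) { free(d->data); d->data = NULL; }
static void doc_set(doc_t *d, const char *s) {
    d->data = malloc(strlen(s) + 1);
    if (d->data) strcpy(d->data, s);
}

/* Hypothetical cursor model, far smaller than the real mongoc_cursor_t. */
typedef struct { doc_t filter; doc_t opts; char error[64]; } cursor_t;

/* Keys are a NULL-terminated array; an empty key name is invalid. */
static int has_empty_key(const char *const *keys) {
    for (; keys && *keys; keys++)
        if ((*keys)[0] == '\0') return 1;
    return 0;
}

/* Always returns a cursor; validation failures are reported in ->error. */
cursor_t *cursor_new(const char *const *filter, const char *const *opts) {
    cursor_t *c = malloc(sizeof *c);
    if (!c) return NULL;
    memset(c, 0xAA, sizeof *c); /* poison: models uninitialized heap memory */
    c->error[0] = '\0';
    /* The fix: initialize owned members before any check can return early.
     * Validating first would leave the 0xAA garbage for cursor_destroy(). */
    doc_init(&c->filter);
    doc_init(&c->opts);
    if (has_empty_key(filter) || has_empty_key(opts)) {
        strcpy(c->error, "empty key rejected"); /* constructed message */
        return c;
    }
    doc_set(&c->filter, filter && *filter ? *filter : "");
    doc_set(&c->opts, opts && *opts ? *opts : "");
    return c;
}

/* Unconditionally destroys both documents, like mongoc_cursor_destroy(). */
void cursor_destroy(cursor_t *c) {
    if (!c) return;
    doc_destroy(&c->filter);
    doc_destroy(&c->opts);
    free(c);
}
```

Moving the two `doc_init()` calls below the validation block reproduces the pre-fix ordering: the early return then hands `cursor_destroy()` pointers that were never set.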
