[CXX-906] Null dereference in DBClientWithCommands methods: getCollectionNames(), getCollectionInfos(), exists() Created: 05/May/16  Updated: 21/Jun/16  Resolved: 14/Jun/16

Status: Closed
Project: C++ Driver
Component/s: API
Affects Version/s: legacy-1.1.0
Fix Version/s: legacy-1.1.2

Type: Bug Priority: Major - P3
Reporter: Andrey Kolkov Assignee: J Rassi
Resolution: Done Votes: 0
Labels: legacy-cxx
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CXX-905 Strange results of DBClientConnection... Closed

 Description   

This behaviour is repeated when the connection breaks (for example, the server was stopped), and then the run finishes with a segmentation fault.
A crutch solution for client code, as I see it, is to check beforehand with the isStillConnected() method, but this method too is not absolutely good (other bug).



 Comments   
Comment by Githook User [ 14/Jun/16 ]

Author: J. Rassi (jrassi) <rassi@10gen.com>

Message: CXX-906 Properly check return value of enumerateCollections()
Branch: legacy
https://github.com/mongodb/mongo-cxx-driver/commit/53bbe81e27bd74d8fa155f534e407079a0fb58b6

Comment by J Rassi [ 07/Jun/16 ]

https://github.com/mongodb/mongo-cxx-driver/pull/493

Comment by Andrew Morrow (Inactive) [ 10/May/16 ]

Ah, thanks for that. I see what is happening now.

The issue is that the getCollectionNames and getCollectionInfos methods fail to check whether the returned auto_ptr<cursor> from enumerateCollections, in terms of which both of those functions are implemented, is actually valid before dereferencing it. So, definitely a bug, and thanks for reporting it.

I think as a workaround you could just call enumerateCollections yourself and interpret the results. If you read the implementation of getCollectionNames in the driver, it should be very clear how to do that.

We will add some logic so that if enumerateCollections returns a null auto_ptr<cursor> to getCollectionNames or getCollectionInfos then an exception is thrown.
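The unchecked and checked patterns from the comment above, as an added example that is not part of the original ticket and is not the driver's code. Cursor, Client, namesUnchecked, namesChecked and failsSafely are hypothetical stand-ins, and std::unique_ptr models the auto_ptr<cursor> that enumerateCollections returns.

```cpp
#include <list>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for the driver's cursor: yields collection names.
struct Cursor {
    std::vector<std::string> names;
    std::size_t pos = 0;
    bool more() const { return pos < names.size(); }
    std::string next() { return names[pos++]; }
};

// Hypothetical stand-in for the client. A null pointer models the result
// seen after the connection is lost (assumption: no exception is raised).
struct Client {
    bool connected = true;
    std::unique_ptr<Cursor> enumerateCollections() const {
        if (!connected) return nullptr;  // failure reported only as a null cursor
        std::unique_ptr<Cursor> c(new Cursor());
        c->names = {"users", "orders"};  // constructed sample data
        return c;
    }
};

// Unchecked pattern: dereferences the result unconditionally, so a null
// cursor is undefined behaviour (a SIGSEGV in practice). Shown for contrast.
std::list<std::string> namesUnchecked(const Client& client) {
    std::unique_ptr<Cursor> cursor = client.enumerateCollections();
    std::list<std::string> out;
    while (cursor->more()) out.push_back(cursor->next());
    return out;
}

// Checked pattern: a null cursor becomes an exception the caller can catch.
std::list<std::string> namesChecked(const Client& client) {
    std::unique_ptr<Cursor> cursor = client.enumerateCollections();
    if (!cursor) throw std::runtime_error("enumerateCollections returned no cursor");
    std::list<std::string> out;
    while (cursor->more()) out.push_back(cursor->next());
    return out;
}

// Returns true when the failure surfaces as a catchable exception.
bool failsSafely(const Client& client) {
    try { namesChecked(client); } catch (const std::runtime_error&) { return true; }
    return false;
}
```

With the check in place, the try/catch in calling code is reached instead of the process being killed by the signal.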

Comment by Andrey Kolkov [ 10/May/16 ]

Sorry, I was not able to reply to you in the last few days.
Trace of the crash:

1	mongo::DBClientWithCommands::getCollectionNames	dbclient.cpp	Line:1476

A piece of my source code:

mongo::DBClientConnection connection;
connection.connect(host);
// do something....
// around here the host was stopped (for debugging I just kill the mongod process)
try
{
    connection.getCollectionNames(database);    // this call crashes: "Received OS signal: SIGSEGV, Segmentation fault."
}
catch (mongo::DBException& e)
{
    // no exceptions are caught here
}

Comment by Andrew Morrow (Inactive) [ 09/May/16 ]

I'm closing this ticket because I've not heard back from you. Please feel free to re-open the ticket if there is anything else we can help with.

Comment by Andrew Morrow (Inactive) [ 06/May/16 ]

I also feel obliged to ask: are you just getting started with the legacy C++ driver, or is this an existing deployment? If the former, I can't recommend strongly enough that you use the C++11 driver instead of the legacy driver, if C++11 is available in your environment. The new driver is a dramatic improvement over the legacy driver, both for interface, and implementation. If, for some reason, you cannot use C++11, at this point I would even recommend the straight C driver over the legacy driver. The legacy C++ driver is just that - legacy. We are planning to begin the process to EOL the legacy C++ driver sometime later this year.

Comment by Andrew Morrow (Inactive) [ 05/May/16 ]

Can you please post a stack trace detailing the crash that you encountered?

Generated at Wed Feb 07 22:00:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.