[CXX-986] Invalid error handling in find_and_modify - null pointer access Created: 10/Aug/16  Updated: 21/Nov/16  Resolved: 14/Sep/16

Status: Closed
Project: C++ Driver
Component/s: Implementation
Affects Version/s: 3.0.1
Fix Version/s: 3.0.2

Type: Bug Priority: Major - P3
Reporter: Rustam Abdullaev Assignee: Andrew Morrow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by CXX-1138 uncought exception: find_and_update =... Closed

 Description   

This problem is related to this code in find_and_modify:

    bool r = mongocxx::libmongoc::collection_find_and_modify_with_opts(
        collection, bson_filter.bson(), opts, reply.bson(), &error);
 
    if (!r) {
        auto gle = mongocxx::libmongoc::collection_get_last_error(collection);
        mongocxx::throw_exception<mongocxx::write_exception>(
            bsoncxx::helpers::value_from_bson_t(gle), error);
    }

If the mongo operation fails at connection level, gle is null, causing null pointer access inside value_from_bson_t(gle).

Test case:

#include <iostream>
#include <mongocxx.h>
using bsoncxx::builder::stream::document;
using bsoncxx::builder::stream::finalize;
 
int main() {
  mongocxx::instance inst;
  try
  {
    mongocxx::uri mongo_uri{ "mongodb://non-existent-host/" };
    mongocxx::client client{ mongo_uri };
    client.database("irrelevant")["irrelevant"].find_one_and_update(
      document{} << "irrelevant" << 1 << finalize,
      document{} << "irrelevant" << 2 << finalize);
    std::cout << "OK" << std::endl;
  }
  catch (const std::exception& ex)
  {
    std::cerr << "Exception: " << ex.what() << std::endl;
  }
}



 Comments   
Comment by Githook User [ 14/Sep/16 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: CXX-986 Improve find_and_modify error handling
Branch: 3.1-dev
https://github.com/mongodb/mongo-cxx-driver/commit/7a8b68951f5ea6f947b8a029ec942e0187c7c3e5

Comment by Githook User [ 14/Sep/16 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: CXX-986 Improve find_and_modify error handling
Branch: master
https://github.com/mongodb/mongo-cxx-driver/commit/7a8b68951f5ea6f947b8a029ec942e0187c7c3e5

Comment by Andrew Morrow (Inactive) [ 13/Sep/16 ]

https://github.com/mongodb/mongo-cxx-driver/pull/529

Comment by Rustam Abdullaev [ 10/Aug/16 ]

Thanks.
Pls have a look also at my proposed fix (but there may be other places where a similar fix is needed – haven't checked that).
https://github.com/mongodb/mongo-cxx-driver/pull/515/files

Comment by David Golden [ 10/Aug/16 ]

PR submitted by reporter as https://github.com/mongodb/mongo-cxx-driver/pull/515

Comment by David Golden [ 10/Aug/16 ]

Opened it as CXX-987 in case you want to watch it.

Comment by David Golden [ 10/Aug/16 ]

Thanks for the report. I'm going to open the operation_exception concern as a separate ticket.

Comment by Rustam Abdullaev [ 10/Aug/16 ]

In addition, I think the implementation of operation_exception is incomplete; _raw_server_error is stdx::optional<bsoncxx::document::value>, but there is no way to construct operation_exception without a valid bsoncxx::document::value.

Generated at Wed Feb 07 22:01:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.