[JAVA-2228] Document.parse() stucked in a dead loop Created: 16/Jun/16  Updated: 19/Oct/16  Resolved: 23/Jun/16

Status: Closed
Project: Java Driver
Component/s: BSON
Affects Version/s: 3.2.2
Fix Version/s: 3.3.0

Type: Bug Priority: Major - P3
Reporter: liqiaoping Assignee: Ross Lawley
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:


 Description   

I use mongo java driver in my flume project, and one day the events channel was full and after debug, I found that the thread was blocked in a dead loop.
Below is the stacktrace:
********************************************************************************
at org.bson.json.JsonScanner.scanRegularExpression(JsonScanner.java:190)
at org.bson.json.JsonScanner.nextToken(JsonScanner.java:100)
at org.bson.json.JsonReader.popToken(JsonReader.java:475)
at org.bson.json.JsonReader.readBsonType(JsonReader.java:232)
at org.bson.codecs.DocumentCodec.decode(DocumentCodec.java:139)
at org.bson.codecs.DocumentCodec.decode(DocumentCodec.java:45)
at org.bson.codecs.DocumentCodec.readValue(DocumentCodec.java:215)
at org.bson.codecs.DocumentCodec.decode(DocumentCodec.java:141)
at org.bson.codecs.DocumentCodec.decode(DocumentCodec.java:45)
at org.bson.Document.parse(Document.java:105)
at org.bson.Document.parse(Document.java:90)



 Comments   
Comment by Ross Lawley [ 23/Jun/16 ]

Thanks lqp276 for reporting.

A fix has now been merged into master and will be available in the forthcoming 3.3 release.

Comment by Githook User [ 23/Jun/16 ]

Author:

{u'username': u'rozza', u'name': u'Ross Lawley', u'email': u'ross.lawley@gmail.com'}

Message: Fix infinite loop when parsing invalid regular expressions

JAVA-2228
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/d2c2cd75d202bec113d9cd6a03687c3645b379df

Comment by Githook User [ 20/Jun/16 ]

Author:

{u'username': u'rozza', u'name': u'Ross Lawley', u'email': u'ross.lawley@gmail.com'}

Message: Fix infinite loop when parsing invalid regular expressions.

Added EOF check for JsonBuffer to prevent multiple reads at end of file.

JAVA-2228
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/c1a7906682b7fb58c3384c9a44665362ec363b3f

Comment by liqiaoping [ 17/Jun/16 ]

Hi Ross,
I am very glad to report and make mongo better.

I agree with you analysis and the bug was triggerd by the malfromed json string. Because in our project simple json will sastify our needs we didn't import a third party json lib. I think it would be better to call it a 'robust issue', ^^
I followed the code of bson and I think is doesn't handle the End Of Stream properly, bellow code:

in method "scanRegularExpression" of org.bson.json.JsonScanner:
....
while (true) {
int c = buffer.read();
switch (state) {
.....
when buffer return -1 to mark the end, and the leading regex chars mark a 'In pattern' context, the loop is dead and failed to report "Invalid Regular Exception"

Comment by Ross Lawley [ 16/Jun/16 ]

Hi lqp276,

Thanks for the ticket, it looks to be an escaping issue as well as a Document.parse issue. In the example provided its caused by the value in mark.

A simplified failure case is:

String json = "{a: \"\"/b\"}";
System.out.println(Document.parse(json)); 

However, escaping correctly works as expected:

String json = "{a: \"\\\"/b\"}";
System.out.println(Document.parse(json));

With the example string I ensured that the quote in the mark string is triple escaped and it works as expected:

String json = "{\"addr\":\"10.10.182.143\",\"type\":1,\"ver\":1,\"terminal\":2,\"ts\":1465995544485,\"body\":{\"step\":11216,"
                + "\"order\":\"20160615205848203041\",\"uid\":2050061709,\"loss\":0,\"rtt\":59,\"fec\":0,\"pnum\":14,"
                + "\"mark\":\"\\u0001\\u01d8\\u001f\\ufffd\\ufffd\\ufffd\\ufffd\\\"/\\ufffd\\ufffdP5\\u0005:0\"}}";
 
System.out.println(Document.parse(json));

Comment by liqiaoping [ 16/Jun/16 ]

The data should reproduce this bug:
{"addr":"10.10.182.143","type":1,"ver":1,"terminal":2,"ts":1465995544485,"body":{"step":11216,"order":"20160615205848203041","uid":2050061709,"loss":0,"rtt":59,"fec":0,"pnum":14,"mark":"\u0001\u01d8\u001f\ufffd\ufffd\ufffd\ufffd"/\ufffd\ufffdP5\u0005:0"}}

after Reading the code I think it's the bug of bson library[version bson-3.2.2.jar], but I think it will better to raise this bug here...

it's my first time to add bug, if i missed some important info please note me

Generated at Thu Feb 08 08:56:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.