[SERVER-11671] Bad stored Javascript causes db.eval() to segfault the server
Created: 12/Nov/13 | Updated: 07/Jan/15 | Resolved: 06/Dec/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | JavaScript |
| Affects Version/s: | 2.4.8 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Blocker - P1 |
| Reporter: | Chris Heald | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | crash | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
OSX Mavericks |
||
| Operating System: | OS X | ||||||||
| Steps To Reproduce: | database.eval <<-EOF |
| Description |
|
Executing a db.eval() segfaults the server.

We've been unable to replicate this on 2.4.3 on a Linux machine, and it seems to be related somehow to old data, as the same operation on a completely clean mongod install doesn't segfault.

The log mentions "map_heatmap" and "reduce_heatmap" functions, which don't appear in our code or collections (as far as we can tell). However, they show up via mongodump.

Tue Nov 12 18:17:03.143 [initandlisten] connection accepted from 127.0.0.1:53299 #6 (4 connections now open)
Tue Nov 12 18:17:04.145 Got signal: 11 (Segmentation fault: 11).
Tue Nov 12 18:17:04.149 Backtrace:

Querying db.system.js.find() results in:

follow:PRIMARY> db.system.js.find()
}

See the attached js.tar.gz for mongodumps of the system.js collection in question.

Attempting to remove the functions in question from the collection failed - it seems that the syntax errors prevent mongo from doing anything with them, and then eval just trashes the whole daemon when it tries to interpret them. |
| Comments |
| Comment by Daniel Pasette (Inactive) [ 06/Dec/13 ] |
|
the fix for |
| Comment by Andrew Morrow (Inactive) [ 13/Nov/13 ] |
|
Chris - The v8 fix has been applied for the 2.5 development series, but it is not in 2.4. The best workaround for 2.4 on Mavericks is to build mongodb with GCC rather than clang. |
| Comment by Chris Heald [ 13/Nov/13 ] |
|
Looks like that's a likely culprit. Looks like we can close this one. |
| Comment by Andrew Morrow (Inactive) [ 13/Nov/13 ] |
|
Hi Chris - This is almost certainly due to |
| Comment by Chris Heald [ 12/Nov/13 ] |
|
I pasted the wrong bit into "steps to reproduce". You just mongoimport the system.js collection, then attempt to run a db.eval against that database. The server will crash when it attempts to load that stored JS. |