[SERVER-12426] explain results with specific query on certain data crashes shell Created: 22/Jan/14  Updated: 11/Jul/16  Resolved: 24/Jan/14

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Andrew Emil (Inactive) Assignee: Benety Goh
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File dump.tar.gz    
Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

Updated description:

To trigger this issue, run any query that involves an indexed query with a timestamp in the predicate. This will generate an index interval with max(timestamp) as the upper bound. Currently, the query framework gets max(timestamp) from BSONObjBuilder::appendMaxForType() which defines max(timestamp) as max(uint32_t) seconds since epoch.

Unfortunately, the shell can only display timestamps up to the year 2039 (slightly less than max(int32_t) and crashes when it tries to convert any timestamp from the server larger than that.

The Fix: updated max(timestamp) in both server and shell to be max(int32_t) seconds.

------
Note that despite the query not returning anything, I have been only been able to reproduce this against the data attached to this ticket. The results from this query + explain will crash the shell on both master (git hash: f65a0b814b8c77e3fbe90bca0c061c9b77f6acdb) and 2.4.9 (using either shell).

> use test
switched to db test
> db.version()
2.5.5-pre-
> db.test3.find({_id: {"$type": 17}}).explain()
{
        "cursor" : "BasicCursor",
        "isMultiKey" : false,
        "n" : 0,
        "nscannedObjects" : 0,
        "nscanned" : 0,
        "nscannedObjectsAllPlans" : 0,
        "nscannedAllPlans" : 0,
        "scanAndOrder" : false,
        "indexOnly" : false,
        "nYields" : 0,
        "nChunkSkips" : 0,
        "millis" : 0,
        "server" : "Andrew-Emil-MacBook-Pro.local:27018"
}
> use qry
switched to db qry
> db.test3.find({_id: {"$type": 17}})
> db.test3.find({_id: {"$type": 17}}).explain()
mongo got signal 11 (Segmentation fault: 11), stack trace:
0x10013583b 0x1000018e9 0x7fff92ba994a 0x7fff5fbfd428 0x1001d38eb 0x1000b6a20 0x1000b6a12 0x1000b4a35 0x100334b8c 0x1003345f2 0x10037a972 0x1210a9b06362 0x1210a9b1701e
 0   mongo                               0x000000010013583b _ZN5mongo15printStackTraceERSo + 43
 1   mongo                               0x00000001000018e9 _Z12quitAbruptlyi + 217
 2   libsystem_c.dylib                   0x00007fff92ba994a _sigtramp + 26
 3   ???                                 0x00007fff5fbfd428 0x0 + 140734799795240
 4   mongo                               0x00000001001d38eb _ZN2v86Object3SetEjNS_6HandleINS_5ValueEEE + 283
 5   mongo                               0x00000001000b6a20 _ZN5mongo7V8Scope16mongoToV8ElementERKNS_11BSONElementEb + 1048
 6   mongo                               0x00000001000b6a12 _ZN5mongo7V8Scope16mongoToV8ElementERKNS_11BSONElementEb + 1034
 7   mongo                               0x00000001000b4a35 _ZN5mongoL8namedGetEN2v85LocalINS0_6StringEEERKNS0_12AccessorInfoE + 629
 8   mongo                               0x0000000100334b8c _ZN2v88internal8JSObject35GetPropertyAttributeWithInterceptorEPS1_PNS0_6StringEb + 822
 9   mongo                               0x00000001003345f2 _ZN2v88internal10JSReceiver32GetPropertyAttributeWithReceiverEPS1_PNS0_6StringE + 252
 10  mongo                               0x000000010037a972 _ZN2v88internal19Runtime_HasPropertyENS0_9ArgumentsEPNS0_7IsolateE + 114
 11  ???                                 0x00001210a9b06362 0x0 + 19862775685986
 12  ???                                 0x00001210a9b1701e 0x0 + 19862775754782



 Comments   
Comment by Githook User [ 24/Jan/14 ]

Author:

{u'username': u'benety', u'name': u'Benety Goh', u'email': u'benety@mongodb.com'}

Message: SERVER-12426 updated max BSON timestamp to depend on OpTime::max() which is defined as max(int32_t) seconds since epoch.
Branch: master
https://github.com/mongodb/mongo/commit/2200ec891db98519701ba7192f42a644a405652e

Comment by Daniel Pasette (Inactive) [ 22/Jan/14 ]

was able to reproduce on attached code. crashing on converting explain output toString.

Generated at Thu Feb 08 03:28:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.