[SERVER-12433] Positional projection on query with $all crashes server Created: 22/Jan/14  Updated: 10/Dec/14  Resolved: 24/Jan/14

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: 2.5.5
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Ben Becker Assignee: Benety Goh
Resolution: Duplicate Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
duplicates SERVER-12424 Certain $ projections can crash the s... Closed
Related
is related to SERVER-12431 Positional projection on $or query ca... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

db.foo.find({"a":{$all:[1]}},

{"a.$":1}

)

Participants:

 Description   

Similar to SERVER-12431, an $all query with a positional projection causes the server to crash.

db.foo.find({"a":{$all:[1]}},{"a.$":1})

Stack Trace:

Process 19406 launched: './mongod' (x86_64)
./mongod --help for help and startup options
2014-01-22T09:36:14.983-0800 [initandlisten] MongoDB starting : pid=19406 port=27017 dbpath=/data/db 64-bit host=fifiteener.local
2014-01-22T09:36:14.983-0800 [initandlisten] 
2014-01-22T09:36:14.983-0800 [initandlisten] ** NOTE: This is a development version (2.5.5-pre-) of MongoDB.
2014-01-22T09:36:14.983-0800 [initandlisten] **       Not recommended for production.
2014-01-22T09:36:14.983-0800 [initandlisten] 
2014-01-22T09:36:14.983-0800 [initandlisten] ** WARNING: soft rlimits too low. Number of files is 256, should be at least 1000
2014-01-22T09:36:14.983-0800 [initandlisten] 
2014-01-22T09:36:14.983-0800 [initandlisten] db version v2.5.5-pre-
2014-01-22T09:36:14.983-0800 [initandlisten] git version: f564c31f4e00d53158e7dd26a7ccf013478761ea
2014-01-22T09:36:14.983-0800 [initandlisten] build info: Darwin fifiteener.local 13.0.2 Darwin Kernel Version 13.0.2: Sun Sep 29 19:38:57 PDT 2013; root:xnu-2422.75.4~1/RELEASE_X86_64 x86_64 BOOST_LIB_VERSION=1_49
2014-01-22T09:36:14.983-0800 [initandlisten] allocator: tcmalloc
2014-01-22T09:36:14.983-0800 [initandlisten] options: {}
2014-01-22T09:36:14.984-0800 [initandlisten] journal dir=/data/db/journal
2014-01-22T09:36:14.985-0800 [initandlisten] recover begin
2014-01-22T09:36:14.985-0800 [initandlisten] recover lsn: 0
2014-01-22T09:36:14.985-0800 [initandlisten] recover /data/db/journal/j._0
2014-01-22T09:36:14.987-0800 [initandlisten] recover cleaning up
2014-01-22T09:36:14.987-0800 [initandlisten] removeJournalFiles
2014-01-22T09:36:14.988-0800 [initandlisten] recover done
2014-01-22T09:36:15.001-0800 [initandlisten] waiting for connections on port 27017
2014-01-22T09:36:17.238-0800 [initandlisten] connection accepted from 127.0.0.1:53513 #1 (1 connection now open)
Process 19406 stopped
* thread #2: tid = 0xa66e3, 0x000000010040e5d6 mongod`mongo::ParsedProjection::_hasPositionalOperatorMatch(query=0x0000000104a5d500, matchfield=0x000000010511aa88) + 38 at parsed_projection.cpp:282, stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
    frame #0: 0x000000010040e5d6 mongod`mongo::ParsedProjection::_hasPositionalOperatorMatch(query=0x0000000104a5d500, matchfield=0x000000010511aa88) + 38 at parsed_projection.cpp:282
   279 	    bool ParsedProjection::_hasPositionalOperatorMatch(const MatchExpression* const query,
   280 	                                                       const std::string& matchfield) {
   281 	        if (query->isLogical()) {
-> 282 	            for (unsigned int i = 0; i < query->numChildren(); ++i) {
   283 	                if (_hasPositionalOperatorMatch(query->getChild(i), matchfield)) {
   284 	                    return true;
   285 	                }
(lldb) bt
* thread #2: tid = 0xa66e3, 0x000000010040e5d6 mongod`mongo::ParsedProjection::_hasPositionalOperatorMatch(query=0x0000000104a5d500, matchfield=0x000000010511aa88) + 38 at parsed_projection.cpp:282, stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
    frame #0: 0x000000010040e5d6 mongod`mongo::ParsedProjection::_hasPositionalOperatorMatch(query=0x0000000104a5d500, matchfield=0x000000010511aa88) + 38 at parsed_projection.cpp:282
    frame #1: 0x000000010040c4f5 mongod`mongo::ParsedProjection::make(spec=0x0000000104948300, query=0x0000000104a5d500, out=0x000000010511adf0) + 1269 at parsed_projection.cpp:222
    frame #2: 0x00000001003ec15e mongod`mongo::CanonicalQuery::init(this=0x0000000104a8c220, lpq=<unavailable>) + 286 at canonical_query.cpp:437
    frame #3: 0x00000001003ebec9 mongod`mongo::CanonicalQuery::canonicalize(qm=<unavailable>, out=0x000000010511b1f8) + 137 at canonical_query.cpp:193
    frame #4: 0x00000001004093ee mongod`mongo::newRunQuery(m=<unavailable>, q=<unavailable>, curop=0x0000000104962c00, result=0x000000010495c210) + 1358 at new_find.cpp:387
    frame #5: 0x00000001002be10b mongod`mongo::assembleResponse(mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) [inlined] mongo::receivedQuery(this=0x0000000100778557, isArray=false, full=false) + 195 at instance.cpp:265
    frame #6: 0x00000001002be048 mongod`mongo::assembleResponse(m=<unavailable>, dbresponse=0x000000010511bb50, remote=0x000000010511bb00) + 1464 at instance.cpp:428
    frame #7: 0x000000010000efc7 mongod`mongo::MyMessageHandler::process(this=<unavailable>, m=0x000000010511bd28, port=0x000000010491acd0, le=0x000000010491bbd0) + 183 at db.cpp:201
    frame #8: 0x00000001006e98b1 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x0000000104a6d860) + 913 at message_server_port.cpp:209
    frame #9: 0x00000001007680b1 mongod`thread_proxy(param=<unavailable>) + 177 at thread.cpp:121
    frame #10: 0x00007fff86eca899 libsystem_pthread.dylib`_pthread_body + 138
    frame #11: 0x00007fff86eca72a libsystem_pthread.dylib`_pthread_start + 137
    frame #12: 0x00007fff86ecefc9 libsystem_pthread.dylib`thread_start + 13
(lldb) 


Generated at Thu Feb 08 03:28:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.