[SERVER-15639] Text queries can return incorrect results and leak memory when multiple predicates given on same text index prefix field

Created: 14/Oct/14
Updated: 11/Mar/15
Resolved: 16/Oct/14

Status: Closed
Project: Core Server
Component/s: Internal Code, Querying
Affects Version/s: 2.6.0
Fix Version/s: 2.6.6, 2.7.8

Type: Bug
Priority: Major - P3
Reporter: Andrew Morrow (Inactive)
Assignee: J Rassi
Resolution: Done
Votes: 0
Labels: 28qa, address-sanitizer, leak-sanitizer, memory-leak
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-16889 Query subsystem public API should use... Closed
Tested
Backwards Compatibility: Fully Compatible
Operating System: ALL

Description

The query subsystem does not correctly handle text queries against a compound text index where multiple equality predicates are given on the same text index prefix field.

For example, the query {$and:[{a:1},{a:2},{$text:{$search:"foo"}}]} will erroneously return the document {a:2,b:foo} if a query plan over an index with key pattern {a:1,b:"text"} is chosen.

Original description:

In QueryPlannerAccess::finishTextNode a vector of MatchExpression*'s called 'prefixExpr's is populated in a loop. The populated vector is intended to own all of the MatchExpressions. However, it is possible in the loop body for the same index to be written more than once. If this occurs, the object originally owned by that slot in the vector will be leaked.
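
An added example, not MongoDB's code: a stand-alone C++ reduction of the pattern described above, where a second write to the same slot of an owning raw-pointer vector leaks the first object and leaves only the last predicate (a:2) in effect. `EqPred`, `Pred`, `fillSlotsLeaky` and `fillSlotsChecked` are hypothetical names, and rejecting the duplicate is an assumed mitigation, not necessarily what the fix commit does.

```cpp
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for an equality MatchExpression on an index prefix field.
struct EqPred {
    static int live;  // objects currently allocated
    int value;
    explicit EqPred(int v) : value(v) { ++live; }
    ~EqPred() { --live; }
};
int EqPred::live = 0;

using Pred = std::pair<std::size_t, int>;  // (prefix slot, value); constructed input

// Pattern from the description: the vector owns raw pointers, and a second write
// to an occupied slot drops the first object without deleting it.
// Returns the number of objects leaked; *kept is the value left in slot 0.
int fillSlotsLeaky(const std::vector<Pred>& preds, std::size_t nSlots, int* kept) {
    const int before = EqPred::live;
    std::vector<EqPred*> slots(nSlots, nullptr);
    for (const Pred& p : preds)
        slots[p.first] = new EqPred(p.second);  // old pointer is lost here
    *kept = slots[0] ? slots[0]->value : -1;
    for (EqPred* e : slots) delete e;  // frees only the survivors
    return EqPred::live - before;
}

// Hardened form (an assumption, not the project's fix): unique_ptr owns each
// slot, and a second predicate on an occupied slot is reported to the caller.
bool fillSlotsChecked(const std::vector<Pred>& preds, std::size_t nSlots,
                      std::vector<std::unique_ptr<EqPred>>* out) {
    std::vector<std::unique_ptr<EqPred>> slots(nSlots);
    for (const Pred& p : preds) {
        if (p.first >= nSlots || slots[p.first]) return false;  // bad slot or duplicate
        slots[p.first].reset(new EqPred(p.second));
    }
    *out = std::move(slots);
    return true;
}

int main() {
    const std::vector<Pred> dup = {{0, 1}, {0, 2}};  // {a:1} and {a:2} on one slot
    int kept = 0;
    const int leaked = fillSlotsLeaky(dup, 1, &kept);
    std::printf("leaked=%d kept=%d\n", leaked, kept);
    std::vector<std::unique_ptr<EqPred>> out;
    std::printf("checked=%d\n", fillSlotsChecked(dup, 1, &out) ? 1 : 0);
}
```

Building the leaky variant with AddressSanitizer or LeakSanitizer, the tools named in this issue's labels, reports the orphaned allocation at exit.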



Comments
Comment by Githook User [ 24/Nov/14 ]

Author: Jason Rassi (jrassi) <rassi@10gen.com>

Message: SERVER-15639 Correctly handle >1 pred on same text index prefix field

(cherry picked from commit 1579d801925ce9b92de088ca766483540cf6e741)
Branch: v2.6
https://github.com/mongodb/mongo/commit/fff8f3297645b6923d881d67a6d1008fe905543a

Comment by Githook User [ 16/Oct/14 ]

Author: Jason Rassi (jrassi) <rassi@10gen.com>

Message: SERVER-15639 Correctly handle >1 pred on same text index prefix field
Branch: master
https://github.com/mongodb/mongo/commit/1579d801925ce9b92de088ca766483540cf6e741
