[SERVER-1753] mongo shell crashes when an illformed bsonsize operation is performed Created: 08/Sep/10  Updated: 12/Jul/16  Resolved: 08/Sep/10

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 1.6.2
Fix Version/s: 1.7.1

Type: Bug Priority: Major - P3
Reporter: Alvin Richards (Inactive) Assignee: Eliot Horowitz (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

> 1.6.2 for 64bit Centos from stable RPMs
> /data on XFS
No virtualization... 4 physical servers, 2 shards,  2 replica sets of
2 servers with 2 extra arbiter processes.


Operating System: ALL
Participants:

 Comments   
Comment by auto [ 08/Sep/10 ]

Author:

{'login': 'erh', 'name': 'Eliot Horowitz', 'email': 'eliot@10gen.com'}

Message: fix Object.bsonsize with null param SERVER-1753
http://github.com/mongodb/mongo/commit/296ddbb6b8855dfbb3f42dc73cf437a179e6185a

Comment by Alvin Richards (Inactive) [ 08/Sep/10 ]

Reproduce:
> Object.bsonsize(db.foo.findOne())

Where collection "foo" does not exist

> Object.bsonsize(db.foo.findOne())
Tue Sep 7 18:09:30 mongo got signal 10 (Bus error), stack trace:

Tue Sep 7 18:09:30 0x242e 0x97d5d1fb 0xffffffff 0x12171f 0x199f13 0x1ab614 0x19a8e9 0x15bc7d 0x15bbd4 0x15bade 0x128ec3 0x731f 0x9043 0x1a26
0 mongo 0x0000242e _Z12quitAbruptlyi + 382
1 libSystem.B.dylib 0x97d5d1fb _sigtramp + 43
2 ??? 0xffffffff 0x0 + 4294967295
3 mongo 0x0012171f ZN5mongo13bson_get_sizeEP9JSContextP8JSObjectjPlS4 + 111
4 mongo 0x00199f13 js_Invoke + 3275
5 mongo 0x001ab614 js_Interpret + 64874
6 mongo 0x0019a8e9 js_Execute + 774
7 mongo 0x0015bc7d JS_EvaluateUCScriptForPrincipals + 167
8 mongo 0x0015bbd4 JS_EvaluateUCScript + 67
9 mongo 0x0015bade JS_EvaluateScript + 108
10 mongo 0x00128ec3 _ZN5mongo7SMScope4execERKSsS2_bbbi + 499
11 mongo 0x0000731f _Z5_mainiPPc + 6271
12 mongo 0x00009043 main + 51
13 mongo 0x00001a26 start + 54

With the correct collection name you get

> Object.bsonsize(db.blogs.findOne())
52

Generated at Thu Feb 08 02:57:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.