[SERVER-18086] canonical_query_test helper parseNormalize() keeps pointers to memory inside freed BSONObj
| Created: 16/Apr/15 | Updated: 05/Feb/16 | Resolved: 16/Jun/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | None |
| Fix Version/s: | 3.1.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | J Rassi | Assignee: | Qingyang Chen |
| Resolution: | Done | Votes: | 0 |
| Labels: | neweng |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Quint Iteration 5 |
| Participants: |
| Description |
|
The parseNormalize() helper in canonical_query_test.cpp returns a MatchExpression created from a temporary BSONObj, which is not valid. Note that the tests in this file happen to not examine the BSONElement members of the returned MatchExpression objects (which is how this issue went undetected). |
| Comments |
| Comment by Githook User [ 01/Jul/15 ] |
|
Author: {u'username': u'coollog', u'name': u'Qingyang Chen', u'email': u'qingyang.chen@10gen.com'} Message: |
| Comment by Githook User [ 01/Jul/15 ] |
|
Author: {u'username': u'coollog', u'name': u'Qingyang Chen', u'email': u'qingyang.chen@10gen.com'} Message: |
| Comment by Githook User [ 16/Jun/15 ] |
|
Author: {u'username': u'coollog', u'name': u'Qingyang Chen', u'email': u'qingyang.chen@10gen.com'} Message: Closes #983 Signed-off-by: Jason Rassi <rassi@10gen.com> |
| Comment by Qingyang Chen [ 09/Jun/15 ] |
|
Has merge conflicts. |
| Comment by J Rassi [ 08/Jun/15 ] |
|
parseNormalize() should be deleted, and its callers should be converted to use parseMatchExpression (another helper in the same file). |
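
Added example, not part of the ticket and not MongoDB code: a self-contained model of the lifetime bug in the description, where a parsed expression keeps pointers into a buffer whose owner was a temporary, next to the caller-owned form. `Doc`, `FieldView`, `Expr`, `parseFromTemporary` and `parseFromCallerOwned` are hypothetical stand-ins, and the `witness` member exists only so the demo can report a dead buffer without reading through the dangling pointer.

```cpp
// Added illustration, not MongoDB code: Doc, FieldView and Expr are hypothetical
// stand-ins for BSONObj, BSONElement and MatchExpression.
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Owns the document bytes, as a BSONObj owns its buffer.
struct Doc {
    std::shared_ptr<const std::string> buf;
    explicit Doc(std::string raw) : buf(std::make_shared<std::string>(std::move(raw))) {}
};

// Non-owning view into a Doc's buffer, as a BSONElement points into a BSONObj.
struct FieldView {
    const char* data;
    std::size_t len;
    std::weak_ptr<const std::string> witness;  // demo only: reports whether the owner is gone
    bool backingAlive() const { return !witness.expired(); }
    // Dereferences the pointer only while the buffer still exists.
    std::string value() const { return backingAlive() ? std::string(data, len) : std::string(); }
};

// Parsed predicate "field=value": the field name is copied, the value is only viewed.
struct Expr {
    std::string field;
    FieldView rhs;
};

Expr parse(const Doc& doc) {
    const std::string& s = *doc.buf;
    std::size_t eq = s.find('=');
    if (eq == std::string::npos) eq = s.size();
    std::size_t start = eq < s.size() ? eq + 1 : eq;
    return Expr{s.substr(0, eq), FieldView{s.data() + start, s.size() - start, doc.buf}};
}

// Pattern from the report: the owning Doc is a temporary destroyed before the
// caller sees the Expr, so rhs.data dangles.
Expr parseFromTemporary(const std::string& raw) { return parse(Doc(raw)); }

// Corrected pattern: the caller owns the Doc and keeps it alive while using the Expr.
Expr parseFromCallerOwned(const Doc& doc) { return parse(doc); }

int main() {
    Doc owner("a=1");  // constructed sample input
    std::cout << parseFromCallerOwned(owner).rhs.backingAlive() << ' '
              << parseFromTemporary("a=1").rhs.backingAlive() << '\n';
}
```

A test that checks only the copied `field` passes for both helpers, which matches the description's point that the defect went undetected because the tests did not examine the members that point into the buffer.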