[SERVER-18086] canonical_query_test helper parseNormalize() keeps pointers to memory inside freed BSONObj

Created: 16/Apr/15
Updated: 05/Feb/16
Resolved: 16/Jun/15

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: 3.1.5

Type: Bug
Priority: Major - P3
Reporter: J Rassi
Assignee: Qingyang Chen
Resolution: Done
Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Quint Iteration 5
Participants:

 Description   

The parseNormalize() helper in canonical_query_test.cpp returns a MatchExpression created from a temporary BSONObj, which is not valid.

Note that the tests in this file happen to not examine the BSONElement members of the returned MatchExpression objects (which is how this issue went undetected).
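
The lifetime problem described above, as an added example that is not MongoDB code and not the fix that was committed. Doc, Expr, parseFromTemporary and parseOwned are hypothetical stand-ins for BSONObj, MatchExpression and the test helpers; returning the owner together with the view is one way to make the lifetimes match.

```cpp
#include <cstring>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for an owning document type: frees its buffer on destruction.
struct Doc {
    std::unique_ptr<char[]> buf;
    explicit Doc(const std::string& s) : buf(new char[s.size() + 1]) {
        std::memcpy(buf.get(), s.c_str(), s.size() + 1);
    }
};

// Hypothetical stand-in for a parsed expression that keeps a pointer into the document.
struct Expr {
    const char* field;  // non-owning: valid only while the Doc that produced it is alive
};

Expr parse(const Doc& d) { return Expr{d.buf.get()}; }

// The defect pattern: tmp is destroyed on return, so Expr::field points at freed memory.
// Callers that never read `field` do not notice. Shown for contrast only; never called here.
Expr parseFromTemporary(const std::string& s) {
    Doc tmp(s);
    return parse(tmp);  // BUG: pointer into tmp.buf outlives tmp
}

// Safe shape: the caller receives the owner and the view as one object.
struct OwnedExpr {
    Doc doc;
    Expr expr;
};

OwnedExpr parseOwned(const std::string& s) {
    Doc d(s);
    Expr e = parse(d);                  // points at d's heap buffer
    return OwnedExpr{std::move(d), e};  // moving the unique_ptr keeps the same buffer address
}

std::string fieldOf(const OwnedExpr& o) { return std::string(o.expr.field); }

int main() {
    OwnedExpr o = parseOwned("a.b");
    return fieldOf(o) == "a.b" ? 0 : 1;
}
```

Building the test binary with AddressSanitizer (`-fsanitize=address`) reports a heap-use-after-free as soon as a caller reads `field` from the result of a helper shaped like parseFromTemporary.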



 Comments   
Comment by Githook User [ 01/Jul/15 ]

Author: Qingyang Chen (coollog) <qingyang.chen@10gen.com>

Message: SERVER-18086 fix leak in QueryPlanner::planFromCache
Branch: v2.6
https://github.com/mongodb/mongo/commit/16d594b5d2ca3ee0466513eb5d392d0e59084dac

Comment by Githook User [ 01/Jul/15 ]

Author: Qingyang Chen (coollog) <qingyang.chen@10gen.com>

Message: SERVER-18086 fix leak in QueryPlanner::planFromCache
Branch: v3.0
https://github.com/mongodb/mongo/commit/db0ba62bd4a375f86e36c992033894569233000f

Comment by Githook User [ 16/Jun/15 ]

Author: Qingyang Chen (coollog) <qingyang.chen@10gen.com>

Message: SERVER-18086 Fixed invalid pointer in canonical_query_test

Closes #983

Signed-off-by: Jason Rassi <rassi@10gen.com>
Branch: master
https://github.com/mongodb/mongo/commit/dd560fcda04fe577be6a9479dab1a8a32d0d46cf

Comment by Qingyang Chen [ 09/Jun/15 ]

Has merge conflicts.

Comment by J Rassi [ 08/Jun/15 ]

parseNormalize() should be deleted, and its callers should be converted to use parseMatchExpression (another helper in the same file).

Generated at Thu Feb 08 03:46:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.