[SERVER-19607] No depth limit checks with SpiderMonkey leads to server crash Created: 27/Jul/15 Updated: 07/Oct/15 Resolved: 21/Sep/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | JavaScript |
| Affects Version/s: | 3.1.6 |
| Fix Version/s: | 3.1.9 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | J Delaney | Assignee: | Mira Carey |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Platform 8 08/28/15, Platform 9 (09/18/15), Platform A (10/09/15) |
| Participants: |
| Description |
|
When an object that has itself as a child is used it will lead to a crash in the server. With V8 the error "Exceeded depth limit of 150 when converting js object to BSON. Do you have a cycle?" would be emitted an no crash would occur. |
| Comments |
| Comment by Githook User [ 21/Sep/15 ] | |||||||||
|
Author: {u'username': u'hanumantmk', u'name': u'Jason Carey', u'email': u'jcarey@argv.me'}Message: Replace functional recursion in javascript object to bson conversion | |||||||||
| Comment by Mira Carey [ 15/Sep/15 ] | |||||||||
|
When I try that locally on my machine I get:
I suspect that the problem here is that for some platforms, especially with debug on, we can blow the stack before we actually get to the depth limit |