[SERVER-19607] No depth limit checks with SpiderMonkey leads to server crash
Created: 27/Jul/15  Updated: 07/Oct/15  Resolved: 21/Sep/15

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 3.1.6
Fix Version/s: 3.1.9

Type: Bug
Priority: Major - P3
Reporter: J Delaney
Assignee: Mira Carey
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platform 8 08/28/15, Platform 9 (09/18/15), Platform A (10/09/15)
Participants:

 Description   

When an object that has itself as a child is used, it will lead to a crash in the server. With V8 the error "Exceeded depth limit of 150 when converting js object to BSON. Do you have a cycle?" would be emitted and no crash would occur.



 Comments   
Comment by Githook User [ 21/Sep/15 ]

Author: Jason Carey (hanumantmk) <jcarey@argv.me>

Message: SERVER-19607 no recursion in JS -> BSON conversion

Replace functional recursion in javascript object to bson conversion
with an explicit stack to minimize the memory cost of processing very
deep / cyclical objects. This prevents stack overflows on debug and
non-optimized builds on some platforms.
Branch: master
https://github.com/mongodb/mongo/commit/ee4f910322988cb9ba4784472a38a16ce2c0cdc9

Comment by Mira Carey [ 15/Sep/15 ]

When I try that locally on my machine I get:

MongoDB shell version: 3.1.9-pre-
connecting to: test
2015-09-15T12:21:54.405-0400 E QUERY    [thread1] Error: Exceeded depth limit of 150 when converting js object to BSON. Do you have a cycle? :
DBQuery.prototype._exec@src/mongo/shell/query.js:105:28
DBQuery.prototype.hasNext@src/mongo/shell/query.js:256:5
DBQuery.prototype.itcount@src/mongo/shell/query.js:367:13
@repro.js:5:1
 
failed to load: repro.js

I suspect that the problem here is that for some platforms, especially with debug on, we can blow the stack before we actually get to the depth limit.
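
The technique named in the commit message above (an explicit stack in place of function recursion) combined with the depth limit of 150 from the error text, sketched in JavaScript as an added example; it is not MongoDB's code. `checkedFlatten`, `tryConvert` and the sample objects are hypothetical names constructed for illustration, and only plain objects and arrays are handled.

```javascript
const DEPTH_LIMIT = 150; // limit quoted in the error message on this page

// Flatten a plain object/array into [dotted.path, scalar] pairs without
// function recursion: nesting depth lives in a heap-allocated array, so a
// deep or cyclic input hits the limit check instead of the native call stack.
function checkedFlatten(root, limit = DEPTH_LIMIT) {
  const out = [];
  // One frame per open container: the object, its keys, next key index.
  const stack = [{ obj: root, keys: Object.keys(root), i: 0, path: "" }];
  while (stack.length > 0) {
    const top = stack[stack.length - 1];
    if (top.i >= top.keys.length) { stack.pop(); continue; }
    const key = top.keys[top.i++];
    const val = top.obj[key];
    const path = top.path ? top.path + "." + key : key;
    if (val !== null && typeof val === "object") {
      // stack.length is the current depth (root = 1); refuse to go deeper.
      if (stack.length >= limit) {
        throw new Error("Exceeded depth limit of " + limit +
          " when converting js object to BSON. Do you have a cycle?");
      }
      stack.push({ obj: val, keys: Object.keys(val), i: 0, path });
    } else {
      out.push([path, val]);
    }
  }
  return out;
}

// Constructed sample inputs (hypothetical, for illustration only).
const nested = { a: 1, b: { c: [2, 3] } };
const cyclic = { name: "x" };
cyclic.self = cyclic; // an object that has itself as a child

// Returns the flattened pairs, or the error message if the limit was hit.
function tryConvert(value) {
  try { return checkedFlatten(value); } catch (e) { return e.message; }
}

console.log(tryConvert(nested));
console.log(tryConvert(cyclic));
```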
