[SERVER-20833] Conditional jump or move depends on uninitialised value(s) in expression_parser_test
Created: 08/Oct/15  Updated: 17/Nov/15  Resolved: 11/Nov/15

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: 3.2.0-rc3

Type: Bug
Priority: Major - P3
Reporter: Eric Milkie
Assignee: James Wahlin
Resolution: Done
Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-21296 TypeMatchExpression::matches uses uni... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

==3479== Conditional jump or move depends on uninitialised value(s)
==3479==    at 0x5ACB7C: mongo::TypeMatchExpression::matches(mongo::MatchableDocument const*, mongo::MatchDetails*) const (expression_leaf.cpp:459)
==3479==    by 0x5A7B76: mongo::MatchExpression::matchesBSON(mongo::BSONObj const&, mongo::MatchDetails*) const (expression.cpp:55)
==3479==    by 0x52043F: mongo::UnitTest__MatchExpressionParserLeafTest__TypeStringnameNumber::_doTest() (expression_parser_leaf_test.cpp:776)
==3479==    by 0x5D492B: mongo::unittest::Test::run() (unittest.cpp:147)
==3479==    by 0x554E6B: void mongo::unittest::Suite::runTestObject<mongo::UnitTest__MatchExpressionParserLeafTest__TypeStringnameNumber>() (unittest.h:405)
==3479==    by 0x5D56B3: operator() (functional:2271)
==3479==    by 0x5D56B3: run (unittest.h:257)
==3479==    by 0x5D56B3: mongo::unittest::Suite::run(std::string const&, int) (unittest.cpp:263)
==3479==    by 0x5D6E07: mongo::unittest::Suite::run(std::vector<std::string, std::allocator<std::string> > const&, std::string const&, int) (unittest.cpp:321)
==3479==    by 0x5DA5EF: main (unittest_main.cpp:40)
==3479==  Uninitialised value was created by a heap allocation
==3479==    at 0x4C29326: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3479==    by 0x5B39AB: make_unique<mongo::TypeMatchExpression> (make_unique_object.hpp:21)
==3479==    by 0x5B39AB: mongo::MatchExpressionParser::_parseType(char const*, mongo::BSONElement const&) (expression_parser.cpp:625)
==3479==    by 0x5B1AF4: mongo::MatchExpressionParser::_parseSubField(mongo::BSONObj const&, mongo::AndMatchExpression const*, char const*, mongo::BSONElement const&, int) (expression_parser.cpp:221)
==3479==    by 0x5B8A81: mongo::MatchExpressionParser::_parseSub(char const*, mongo::BSONObj const&, mongo::AndMatchExpression*, int) (expression_parser.cpp:443)
==3479==    by 0x5B70F5: mongo::MatchExpressionParser::_parse(mongo::BSONObj const&, int) (expression_parser.cpp:363)
==3479==    by 0x51FF02: parse (expression_parser.h:70)
==3479==    by 0x51FF02: mongo::UnitTest__MatchExpressionParserLeafTest__TypeStringnameNumber::_doTest() (expression_parser_leaf_test.cpp:770)
==3479==    by 0x5D492B: mongo::unittest::Test::run() (unittest.cpp:147)
==3479==    by 0x554E6B: void mongo::unittest::Suite::runTestObject<mongo::UnitTest__MatchExpressionParserLeafTest__TypeStringnameNumber>() (unittest.h:405)
==3479==    by 0x5D56B3: operator() (functional:2271)
==3479==    by 0x5D56B3: run (unittest.h:257)
==3479==    by 0x5D56B3: mongo::unittest::Suite::run(std::string const&, int) (unittest.cpp:263)
==3479==    by 0x5D6E07: mongo::unittest::Suite::run(std::vector<std::string, std::allocator<std::string> > const&, std::string const&, int) (unittest.cpp:321)
==3479==    by 0x5DA5EF: main (unittest_main.cpp:40)
==3479== 

Sprint: QuInt C (11/23/15)
Participants:

 Description   

Need to initialize TypeMatchExpression::_type, apparently.



 Comments   
Comment by Githook User [ 11/Nov/15 ]

Author: James Wahlin (username: jameswahlin, email: james.wahlin@10gen.com)

Message: SERVER-20833 Uninitialised value in TypeMatchExpression
Branch: master
https://github.com/mongodb/mongo/commit/46c26ad717f43e1023a3ba4dcb21ef11bdc23bb8

Comment by J Rassi [ 03/Nov/15 ]

It looks like this is a bug in TypeMatchExpression, and can possibly cause incorrect results to be generated for {$type: "number"} queries.

Setting fix version to "3.1 Required".
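
The failure mode discussed in this ticket, as an added example that is not MongoDB's code and not part of the original issue: a simplified C++ model of an init path that leaves `_type` unset, next to a hardened form. The class names, method names and the reduced `BsonType` enum are assumptions made for illustration.

```cpp
#include <memory>

// Simplified model for illustration; hypothetical names, not MongoDB source.
enum class BsonType { EOO = 0, Double = 1, String = 2, Int = 16, Long = 18 };

inline bool isNumber(BsonType t) {
    return t == BsonType::Double || t == BsonType::Int || t == BsonType::Long;
}

// Before: the constructor is user-provided, so make_unique's value-initialization
// does not zero the object, and the "number" path never writes _type.
class TypeMatchBefore {
public:
    TypeMatchBefore() : _matchesAllNumbers(false) {}  // _type omitted
    void initWithType(BsonType t) { _type = t; }
    void initAsNumber() { _matchesAllNumbers = true; }  // _type left unset
    bool matches(BsonType elem) const {
        if (elem == _type) return true;  // branch on an indeterminate value
        return _matchesAllNumbers && isNumber(elem);
    }
private:
    bool _matchesAllNumbers;
    BsonType _type;  // holds whatever bytes operator new returned
};

// After: every member has a default, and the "number" path ignores _type.
class TypeMatchAfter {
public:
    void initWithType(BsonType t) { _type = t; _matchesAllNumbers = false; }
    void initAsNumber() { _matchesAllNumbers = true; }
    bool matches(BsonType elem) const {
        return _matchesAllNumbers ? isNumber(elem) : elem == _type;
    }
private:
    bool _matchesAllNumbers = false;
    BsonType _type = BsonType::EOO;
};

// Mirrors the allocation in the trace: make_unique, then one init path.
bool numberQueryMatches(BsonType elem) {
    auto m = std::make_unique<TypeMatchAfter>();
    m->initAsNumber();
    return m->matches(elem);
}

int main() {
    // A string element must never satisfy a "number" type query.
    return numberQueryMatches(BsonType::String) ? 1 : 0;
}
```

In the "before" form, a stale heap value that happens to equal a non-numeric type code makes a "number" query match that type, which is the incorrect-result risk raised in the comment above.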
