[SERVER-22461] Crash in mozjs code with invalid NumberLong object Created: 04/Feb/16 Updated: 04/Jan/17 Resolved: 18/Feb/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | JavaScript |
| Affects Version/s: | 3.1.7 |
| Fix Version/s: | 3.3.2 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kamran K. | Assignee: | Waley Chen |
| Resolution: | Done | Votes: | 0 |
| Labels: | bkp | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v3.2
|
||||||||
| Sprint: | Platforms 10 (02/19/16) | ||||||||
| Participants: | |||||||||
| Linked BF Score: | 0 | ||||||||
| Description |
|
The SpiderMonkey integration code can crash on an invalid NumberLong object. The v8 integration code (in pre-3.1.7 versions) crashes in a similar manner. |
| Comments |
| Comment by Githook User [ 18/Feb/16 ] |
|
Author: {u'username': u'WaleyChen', u'name': u'Waley Chen', u'email': u'waleycz@gmail.com'}Message: |
| Comment by Githook User [ 16/Feb/16 ] |
|
Author: {u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}Message: Revert " This reverts commit e99fdcb0f869f475d688fa42ba7e9e9b88a631bb. |
| Comment by Githook User [ 15/Feb/16 ] |
|
Author: {u'username': u'WaleyChen', u'name': u'Waley Chen', u'email': u'waleycz@gmail.com'}Message: |
| Comment by Githook User [ 11/Feb/16 ] |
|
Author: {u'username': u'hanumantmk', u'name': u'Jason Carey', u'email': u'jcarey@argv.me'}Message: Revert " This reverts commit ac424fe0c912f1e5553d40f79a168d09ccffef31. |
| Comment by Githook User [ 11/Feb/16 ] |
|
Author: {u'username': u'WaleyChen', u'name': u'Waley Chen', u'email': u'waleycz@gmail.com'}Message: |