[SERVER-3060] db.artworks.findOne("genome.genes.Color.$gt", 0) terminates shell
Created: 07/May/11  Updated: 15/Aug/12  Resolved: 03/Jun/12

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 1.8.1, 2.0.0, 2.1.1
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Daniel Doubrovkine Assignee: Tad Marshall
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

1.8.1, Ubuntu Linux


Issue Links:
Duplicate
duplicates SERVER-5842 Exceptions thrown in scripting/engine... Closed
Backwards Compatibility: Fully Compatible
Operating System: Linux
Participants:

 Description   

Running this (invalid) query: db.artworks.findOne("genome.genes.Color.$gt", 0) terminates the shell.

dblock@dblock-magenta:~/source/Gravity/dblock$ mongo
MongoDB shell version: 1.8.1
connecting to: test
> db.artworks.findOne("genome.genes.Color.$gt", 0)
Sat May  7 08:56:00 terminate() called in shell, printing stack:
0x80ad346 0x1bbfa5 0x1bbfe2 0x1bc14e 0x810fc46 0x81613f8 0x81f4f5e 0x8205db7 0x81f58e0 0x81bb751 0x81bb6a8 0x81bb5b2 0x816a48d 0x80b144b 0x80b2e2a 0xbd7e37 0x80ac3a1 
 mongo(_Z11myterminatev+0x56) [0x80ad346]
 /usr/lib/i386-linux-gnu/libstdc++.so.6(+0xabfa5) [0x1bbfa5]
 /usr/lib/i386-linux-gnu/libstdc++.so.6(+0xabfe2) [0x1bbfe2]
 /usr/lib/i386-linux-gnu/libstdc++.so.6(+0xac14e) [0x1bc14e]
 mongo(_ZN5mongo9uassertedEiPKc+0xd6) [0x810fc46]
 mongo(_ZN5mongo10mongo_findEP9JSContextP8JSObjectjPlS4_+0x648) [0x81613f8]
 mongo(js_Invoke+0xc34) [0x81f4f5e]
 mongo(js_Interpret+0xf5e6) [0x8205db7]
 mongo(js_Execute+0x2f4) [0x81f58e0]
 mongo(JS_EvaluateUCScriptForPrincipals+0xa7) [0x81bb751]
 mongo(JS_EvaluateUCScript+0x43) [0x81bb6a8]
 mongo(JS_EvaluateScript+0x6c) [0x81bb5b2]
 mongo(_ZN5mongo7SMScope4execERKNS_10StringDataERKSsbbbi+0x11d) [0x816a48d]
 mongo(_Z5_mainiPPc+0x216b) [0x80b144b]
 mongo(main+0x4a) [0x80b2e2a]
 /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0xbd7e37]
 mongo(__gxx_personality_v0+0x24d) [0x80ac3a1]



 Comments   
Comment by Tad Marshall [ 03/Jun/12 ]

This was fixed by catching all C++ exceptions in engine_spidermonkey.cpp and sm_db.cpp.

Comment by Antoine Girbal [ 03/Nov/11 ]

Tad, thanks for the help.
Will take a look when this ticket is scheduled.

Comment by Tad Marshall [ 26/Oct/11 ]

Just for fun, I looked at this one and found out what was happening. An exception is thrown in scripting\engine_spidermonkey.cpp (because the 0 is not an object) and this transfers control all the way back to shell/dbshell.cpp, leaving SpiderMonkey in a bad state. I uploaded a fix to my fork for the mongo_find() routine that this example hits, but the same problem exists in mongo_update, mongo_insert, and mongo_remove and perhaps other routines. You can look at my fix if you want, but it's just putting the sensitive calls inside try/catch.

My branch: https://github.com/tadmarshall/mongo/tree/SERVER-3060-partial-fix

The commit: https://github.com/tadmarshall/mongo/commit/ca10f4ecf1a6129911f7d3d4dc26be28fa8f6b9b

I won't issue a pull request unless you want me to, this bug is Antoine's to handle as he pleases. There may well be a better way to fix it, I don't know. I'm sorry if looking at it is poor form, but I was curious.
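
The failure mode described in the comment above, as an added example that is not part of the original comment and is not the MongoDB code: a simplified model of a C-style interpreter calling a native function, showing how an exception that crosses the interpreter frame skips its cleanup, and how a try/catch at the native boundary avoids that. All names (Engine, Native, invoke, find_unsafe, find_guarded, depth_after_bad_call) are hypothetical.

```cpp
// Added illustration; every name here is hypothetical, not MongoDB or SpiderMonkey API.
#include <stdexcept>
#include <string>

struct Engine {            // stands in for the interpreter's per-context state
    int depth = 0;         // frames the interpreter believes are active
    std::string pending;   // error reported through the engine's own channel
};

using Native = bool (*)(Engine&, bool arg_is_object);

// Interpreter side, written C-style: no RAII, so cleanup only runs on a normal return.
bool invoke(Engine& e, Native fn, bool arg_is_object) {
    ++e.depth;
    bool ok = fn(e, arg_is_object);
    --e.depth;             // skipped if fn throws through this frame
    return ok;
}

// Unguarded native: the argument check throws when the argument is not an object.
bool find_unsafe(Engine&, bool arg_is_object) {
    if (!arg_is_object) throw std::runtime_error("not an object");
    return true;
}

// Guarded native: every C++ exception becomes an engine error and a false return.
bool find_guarded(Engine& e, bool arg_is_object) {
    try {
        return find_unsafe(e, arg_is_object);
    } catch (const std::exception& ex) {
        e.pending = ex.what();
    } catch (...) {
        e.pending = "unknown exception";
    }
    return false;
}

// Returns the interpreter depth left behind after one call with a non-object argument.
int depth_after_bad_call(Native fn, std::string* err = nullptr) {
    Engine e;
    try { invoke(e, fn, false); } catch (...) { /* shell-level handler */ }
    if (err) *err = e.pending;
    return e.depth;
}

int main() {
    return depth_after_bad_call(find_guarded) == 0 ? 0 : 1;
}
```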

Comment by Antoine Girbal [ 12/Oct/11 ]

Testing with mongo 2.0.
I am not seeing the same issue but still not good:

> db.foo.findOne()
{
"_id" : ObjectId("4e4d670844aef4e8d8958469"),
"point" : [
52,
-33
],
"name" : "starbucks"
}
> db.foo.findOne("genome.genes.Color.$gt", 0)
error:not an object
> db.foo.findOne()
-> this makes shell hang and use 100% CPU.

Now testing with the master branch; this time it gets an exception:

> db.foo.findOne("genome.genes.Color.$gt", 0)
error:not an object
> db.foo.findOne()
Tue Oct 11 20:56:45 mongo got signal 11 (Segmentation fault), stack trace:

Tue Oct 11 20:56:45 0x5dc8bb 0x5d69cb 0x7f9b4a5a6d80 0x68cb5e 0x6d9409 0x6d7079 0x665da7 0x666082 0x667058 0x666ff1 0x666ee2 0x659f4d 0x5d9d2b 0x5dab0c 0x7f9b4a591eff 0x5d4be9
./mongo(_ZN5mongo15printStackTraceERSo+0x27) [0x5dc8bb]
./mongo(_Z12quitAbruptlyi+0xe8) [0x5d69cb]
/lib/x86_64-linux-gnu/libc.so.6(+0x33d80) [0x7f9b4a5a6d80]
./mongo(js_EmitTree+0x3963) [0x68cb5e]
./mongo() [0x6d9409]
./mongo(js_CompileTokenStream+0xd9) [0x6d7079]
./mongo() [0x665da7]
./mongo(JS_CompileUCScriptForPrincipals+0x86) [0x666082]
./mongo(JS_EvaluateUCScriptForPrincipals+0x65) [0x667058]
./mongo(JS_EvaluateUCScript+0x57) [0x666ff1]
./mongo(JS_EvaluateScript+0x79) [0x666ee2]
./mongo(_ZN5mongo7SMScope4execERKNS_10StringDataERKSsbbbi+0xef) [0x659f4d]
./mongo(_Z5_mainiPPc+0x2206) [0x5d9d2b]
./mongo(main+0x79) [0x5dab0c]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xff) [0x7f9b4a591eff]
./mongo() [0x5d4be9]
