[SERVER-31038] DBCollection.prototype.createIndexes can stall when given object with large "length" property Created: 11/Sep/17  Updated: 08/Jan/24  Resolved: 19/Sep/17

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: None
Fix Version/s: 3.6.0-rc0

Type: Bug Priority: Minor - P4
Reporter: Ian Boros Assignee: Ian Boros
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-19474 Calling createIndex() can cause the s... Closed
related to SERVER-19672 Array functions in shell can cause stall Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

Run the following in the shell:

db.foo.createIndexes({"length": 1000000})

Participants:

 Description   

When createIndexes is called, it immediately does a loop over keys.length. If instead of passing in an array for keys, we pass an object with a field called length that has a large value, the shell will stall in the loop. This causes some issues in the jstestfuzzer.

I think the easiest solution would be to just check whether keys is actually an array at the beginning of the function, and if not, to return or throw an error without entering the loop.

This problem is similar to the bug reported here a few years back:
SERVER-19474



 Comments   
Comment by Githook User [ 19/Sep/17 ]

Author:

{'name': 'Ian Boros', 'email': 'ian.boros@10gen.com'}

Message: SERVER-31038 Fix possible stall from happening in DBCollection.createIndexes
Branch: master
https://github.com/mongodb/mongo/commit/614cbd5a16c483df81f421f94fcdfdd995f8cc71

Generated at Thu Feb 08 04:25:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.