[SERVER-31038] DBCollection.prototype.createIndexes can stall when given object with large "length" property Created: 11/Sep/17 Updated: 08/Jan/24 Resolved: 19/Sep/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0-rc0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Ian Boros | Assignee: | Ian Boros |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Steps To Reproduce: | Run the following in the shell:
|
||||||||||||
| Participants: | |||||||||||||
| Description |
|
When createIndexes is called, it immediately does a loop over keys.length. If instead of passing in an array for keys, we pass an object with a field called length that has a large value, the shell will stall in the loop. This causes some issues in the jstestfuzzer. I think the easiest solution would be to just check whether keys is actually an array at the beginning of the function, and if not, to return or throw an error without entering the loop. This problem is similar to the bug reported here a few years back: |
| Comments |
| Comment by Githook User [ 19/Sep/17 ] |
|
Author: {'name': 'Ian Boros', 'email': 'ian.boros@10gen.com'}Message: |