[SERVER-3991] Indexing past the end of a string in mongo shell Created: 01/Oct/11 Updated: 11/Jul/16 Resolved: 15/Oct/11 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Shell |
| Affects Version/s: | 2.0.0 |
| Fix Version/s: | 2.1.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Tad Marshall | Assignee: | Eliot Horowitz (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Any |
||
| Operating System: | ALL |
| Participants: |
| Description |
|
In the mongo shell's dbshell.cpp file, the routine isBalanced() tries to figure out if you have finished typing. It checks to see if parentheses and braces are balanced and whether you might not be finished typing a long quoted string. The checking for balanced "()" and "{}" uses counters, but for apostrophes ("single quotes") and double quotes it uses a different method and fast forwards through the string looking for the matching element. This is a problem, because after this code breaks out of its switch statement there is a bit more code that assumes that the index variable is still in range. It isn't; the fast forward algorithm has set the index 'i' to code.size() and the expression 'code[i]' indexes off the end of the string. |
| Comments |
| Comment by auto [ 15/Oct/11 ] |
|
Author: {u'login': u'erh', u'name': u'Eliot', u'email': u'eliot@10gen.com'}Message: Merge pull request #116 from tadmarshall/
|
| Comment by auto [ 15/Oct/11 ] |
|
Author: {u'login': u'erh', u'name': u'Eliot', u'email': u'eliot@10gen.com'}Message: Merge pull request #116 from tadmarshall/
|
| Comment by Tad Marshall [ 13/Oct/11 ] |
|
I closed pull request 98 and opened https://github.com/mongodb/mongo/pull/116 to replace it. |
| Comment by Tad Marshall [ 06/Oct/11 ] |
|
Pull request https://github.com/mongodb/mongo/pull/98 addresses this. |
| Comment by Tad Marshall [ 01/Oct/11 ] |
|
The reason that non-debug builds do not show any problem is that the [] operator does not check index bounds and all |