|
Observed behavior: The $substr expression implementation directly calls c++'s string::substr with numeric arguments supplied to it. If the pos argument is greater than the size of the string, string::substr will throw an out_of_range exception and the mongod process will abort.
Expected behavior: The $substr expression validates its arguments and returns an empty string or uasserts in this case.
Test:
c = db.c;
|
c.drop();
|
|
c.save( {} );
|
|
printjson( c.aggregate( { $project:{ a:{ $substr:[ 'a', 2, 1 ] } } } ) );
|
Log:
Fri Jun 22 17:32:47 [conn1] ERROR: Uncaught std::exception: basic_string::substr, terminating
|
Fri Jun 22 17:32:47 dbexit:
|
Fri Jun 22 17:32:47 [conn1] shutdown: going to close listening sockets...
|
Fri Jun 22 17:32:47 [conn1] closing listening socket: 6
|
Fri Jun 22 17:32:47 [conn1] closing listening socket: 7
|
Fri Jun 22 17:32:47 [initandlisten] now exiting
|
Fri Jun 22 17:32:47 dbexit: ; exiting immediately
|
|