[SERVER-64002] Consistently disallow out-of-bounds access to the children vector of MatchExpressions Created: 25/Feb/22 Updated: 29/Oct/23 Resolved: 11/Jul/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.1.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Davis Haupt (Inactive) | Assignee: | Lynne Wang |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | quick-tech-debt | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | QO 2022-06-27, QO 2022-07-11, QO 2022-07-25 |
| Participants: |
| Description |
|
Right now, different subclasses of `MatchExpression` have different failure behavior for the `getChild(size_t index)` function. Some have an invariant, while some will blindly pass on the out-of-bounds index to the underlying vector, which will result in a segfault. This behavior should be standardized, either with invariant (what some do currently) or tassert (probably makes more sense, no reason to crash the whole server in this case). |
| Comments |
| Comment by Githook User [ 03/Jul/22 ] |
|
Author: {'name': 'Lynne Wang', 'email': 'lynne.wang@mongodb.com'}Message: |