[SERVER-79161] Deeply nested queries can segfault expression parser
Created: 20/Jul/23 Updated: 27/Jul/23 Resolved: 27/Jul/23

| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matt Boros | Assignee: | Backlog - Query Optimization |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | query-director-triage |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Query Optimization |
| Operating System: | ALL |
| Sprint: | QO 2023-08-07 |
| Linked BF Score: | 45 |

Description

Details in dev-only comment below. The depth limit for a query appears to be implicit in BSON, rather than enforced on the server side. We could add an explicit limit, or fix the expression parsing code (and other code that may crash later on in the system for this query) to not crash. This recursive parsing code has been around for a while so this isn't a 7.0-specific bug.

Comments

Comment by Matt Boros [ 27/Jul/23 ]

The plan is to recommit this test (it was reverted) and have it bail out if debug is on or sanitizers are on.

Comment by Matt Boros [ 27/Jul/23 ]

Won't fix as this is specific to ASAN and doesn't occur on standard builds.

Comment by Jacob Evans [ 21/Jul/23 ]

I believe this may be ASAN, which is toggleable independently of building with debug info or optimization level.

Comment by Matt Boros [ 21/Jul/23 ]

I'd like this test to bail out if we see buildInfo.debug is on. We only really care about testing the optimized builds. The debug builds have had a few BFs already and aren't the target case for this test anyway.

Comment by Jacob Evans [ 20/Jul/23 ]

ASAN is likely to make them much larger.

Comment by Matt Boros [ 20/Jul/23 ]

Maybe the solution is to lower the depth on this test when debug is on, if the larger stack frames from debug=on are the cause of this.

Comment by Matt Boros [ 20/Jul/23 ]

Could the issue be that BF-29371 has debug and ASAN on? The limit I ran into when constructing this query was in JSON object to BSON conversion:
The depth that succeeded locally is around 144. Do you know where the BSON depth check is in the server?
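
One way to enforce the explicit depth limit that the description proposes, as an added example that is not part of the ticket or the server's code: the nesting depth is measured on the raw BSON bytes with a counter before any recursive parser runs, so stack usage does not depend on the input or on how large debug or ASAN frames are. The names `bsonDepth`, `nested` and `kMaxDepth`, the limit of 100 and the handled subset of element types are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr int kMaxDepth = 100;  // hypothetical limit chosen for this example

// Maximum nesting depth of a BSON document, or -1 if the buffer is truncated,
// uses an element type outside the subset handled here, or nests deeper than
// maxDepth. Declared document lengths are skipped, not validated.
int bsonDepth(const std::vector<uint8_t>& b, int maxDepth = kMaxDepth) {
    std::size_t pos = 0;
    int depth = 0, deepest = 0;
    auto enter = [&] {  // step over an int32 length prefix into a document
        if (b.size() - pos < 5) return false;
        pos += 4;
        if (++depth > deepest) deepest = depth;
        return depth <= maxDepth;
    };
    if (!enter()) return -1;
    while (depth > 0) {
        if (pos >= b.size()) return -1;
        const uint8_t type = b[pos++];
        if (type == 0x00) { --depth; continue; }      // end of current document
        while (pos < b.size() && b[pos] != 0) ++pos;  // element name (cstring)
        if (pos++ >= b.size()) return -1;             // name had no terminator
        std::size_t skip = 0;
        switch (type) {
            case 0x03: case 0x04: if (!enter()) return -1; continue;  // document, array
            case 0x01: case 0x12: skip = 8; break;                    // double, int64
            case 0x10: skip = 4; break;                               // int32
            default: return -1;                                       // not handled here
        }
        if (b.size() - pos < skip) return -1;
        pos += skip;
    }
    return pos == b.size() ? deepest : -1;
}

// Constructed sample input: {a: {a: ... {}}} nested `depth` documents deep.
std::vector<uint8_t> nested(int depth) {
    std::vector<uint8_t> doc = {5, 0, 0, 0, 0};  // empty document
    for (int i = 1; i < depth; ++i) {
        const uint32_t n = static_cast<uint32_t>(doc.size() + 8);
        const uint8_t head[] = {uint8_t(n), uint8_t(n >> 8), uint8_t(n >> 16), uint8_t(n >> 24), 3, 'a', 0};
        doc.insert(doc.begin(), head, head + 7);
        doc.push_back(0);
    }
    return doc;
}
```

A caller would reject the request when `bsonDepth` returns -1 and only then hand the document to the recursive parser.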