[SERVER-86210] jstestfuzz can override mongo shell helpers that it later expects to work correctly Created: 05/Feb/24  Updated: 06/Feb/24

Status: Needs Scheduling
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: George Wangensteen Assignee: Backlog - Query Optimization
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Assigned Teams:
Query Optimization
Participants:
Linked BF Score: 6

 Description   

jstestfuzz can override mongo shell built-ins, but then later call those built-ins in a way that expects them to work correctly.
For example, it can generate statements like:
DBCommandCursor.prototype.next = MinKey;

And then later generate statements like:
try {
    // toArray() relies on next() to advance the cursor's internal state.
    var collectionsList = new DBCommandCursor(db, db.runCommand({
        'listCollections': 1,
        nameOnly: true,
        filter: {}
    })).toArray();
} catch (e) {
}

Because we redefined 'next' to simply return MinKey and not correctly interact with DBCommandCursor's internals, DBCommandCursor.prototype.toArray is now broken and will infinitely loop (it relies on next() advancing internal state to track traversal of elements).

We need to either ban the fuzzer from generating such overrides/redefinitions, or find a way to make them safe and ensure that we don't rely on the original definitions for the fuzzer to run safely to completion.
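The failure mode described above, reproduced as an added example that is not code from the ticket, jstestfuzz, or the mongo shell. FakeCursor is a hypothetical stand-in for DBCommandCursor, the maxSteps guard exists only so the demo fails fast instead of hanging, and freezing the prototype is an assumed hardening option, not the project's chosen fix.

```javascript
// Hypothetical stand-in for a shell cursor; NOT the real DBCommandCursor.
function makeCursorClass() {
    return class FakeCursor {
        constructor(batch) { this._batch = batch; this._pos = 0; }
        hasNext() {
            return this._pos < this._batch.length;
        }
        next() {
            return this._batch[this._pos++];  // advancing _pos is what ends the loop
        }
        // maxSteps is a demo-only guard so a broken next() fails fast instead of hanging.
        toArray(maxSteps = 1000) {
            const out = [];
            while (this.hasNext()) {
                if (out.length >= maxSteps) {
                    throw new Error('toArray made no progress');
                }
                out.push(this.next());
            }
            return out;
        }
    };
}

// Applies a fuzzer-style override, then runs harness code that depends on toArray().
function demo(protect) {
    const Cursor = makeCursorClass();
    const originalNext = Cursor.prototype.next;
    if (protect) {
        Object.freeze(Cursor.prototype);  // assumption: one possible hardening
    }
    try {
        // Constructed stand-in for `DBCommandCursor.prototype.next = MinKey;`
        Cursor.prototype.next = function () { return 'MinKey'; };
    } catch (e) {
        // Strict-mode code throws TypeError when writing to a frozen object.
    }
    const overrideApplied = Cursor.prototype.next !== originalNext;
    try {
        return { overrideApplied, result: new Cursor(['a', 'b']).toArray() };
    } catch (e) {
        return { overrideApplied, error: e.message };
    }
}

console.log(demo(false), demo(true));
```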


Generated at Thu Feb 08 06:59:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.