[SERVER-9089] 'Cloning' a document in JavaScript can create an empty _bson field
Created: 22/Mar/13 | Updated: 11/Jul/16 | Resolved: 18/Apr/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | JavaScript |
| Affects Version/s: | 2.4.0 |
| Fix Version/s: | 2.4.3, 2.5.0 |
| Type: | Bug | Priority: | Critical - P2 |
| Reporter: | Ben Becker | Assignee: | Mathias Stearn |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL | ||||||||
| Description |
|
When a document is 'cloned' in JavaScript, or if a field named '_bson' is created on a JS object passed to an internal mongo function, unwrapHolder() may return a NULL pointer. This is unchecked at most call-sites. |
| Comments |
| Comment by auto [ 18/Apr/13 ] | |||||||||||
|
Author: Mathias Stearn <mathias@10gen.com> Date: 2013-04-18T18:41:28Z Message: | |||||||||||
| Comment by auto [ 18/Apr/13 ] | |||||||||||
|
Author: Mathias Stearn <mathias@10gen.com> Date: 2013-04-18T18:41:28Z Message: | |||||||||||
| Comment by Mathias Stearn [ 18/Apr/13 ] | |||||||||||
|
Easier repro: try converting any real v8 object (i.e. one that wasn't sourced from BSON) with a field named _bson to BSON
|
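The failure mode in the description and the repro comment, as an added C++ sketch that is not MongoDB source: only the name `unwrapHolder` and the `_bson` field come from the ticket, while the types, the other function names, and the field-by-field fallback are hypothetical.

```cpp
#include <map>
#include <memory>
#include <string>

// Hypothetical model, not MongoDB source.
struct BsonHolder { std::string raw; };        // stands in for the native BSON buffer
struct Value {
    std::string text;                          // ordinary script-visible value
    std::shared_ptr<BsonHolder> holder;        // set only by the internal wrapper
};
typedef std::map<std::string, Value> JsObject;

// Returns NULL when "_bson" is absent, empty, or not a real holder.
BsonHolder* unwrapHolder(const JsObject& obj) {
    JsObject::const_iterator it = obj.find("_bson");
    return it == obj.end() ? nullptr : it->second.holder.get();
}

// Assumed fallback: convert field by field, skipping real holder slots.
std::string serializeFields(const JsObject& obj) {
    std::string out;
    for (JsObject::const_iterator it = obj.begin(); it != obj.end(); ++it)
        if (!it->second.holder) out += it->first + "=" + it->second.text + ";";
    return out;
}

// Call-site shape from the description: the field name is trusted and the
// result is used unchecked. Never called here, since it dereferences NULL.
std::string toBsonUnchecked(const JsObject& obj) {
    if (obj.count("_bson")) return unwrapHolder(obj)->raw;
    return serializeFields(obj);
}

// Hardened call site: use the holder only when unwrapHolder() produced one.
std::string toBsonChecked(const JsObject& obj) {
    if (BsonHolder* h = unwrapHolder(obj)) return h->raw;
    return serializeFields(obj);
}

// Constructed sample objects: BSON-sourced, script-made "_bson", empty clone slot.
JsObject fromBson() { JsObject o; o["_bson"].holder = std::make_shared<BsonHolder>(BsonHolder{"raw-bytes"}); return o; }
JsObject scriptObject() { JsObject o; o["_bson"].text = "x"; o["a"].text = "1"; return o; }
JsObject emptyClone() { JsObject o; o["_bson"]; o["a"].text = "1"; return o; }

int main() {
    bool ok = toBsonChecked(fromBson()) == "raw-bytes" && unwrapHolder(scriptObject()) == nullptr;
    return ok ? 0 : 1;
}
```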