<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:26:27 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-11671] Bad stored Javascript causes db.eval() to segfault the server</title>
                <link>https://jira.mongodb.org/browse/SERVER-11671</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Executing a db.eval() segfaults the server. We&apos;ve been unable to replicate this on 2.4.3 on a Linux machine, and it seems to be related somehow to old data, as the same operation on a completely clean mongod install doesn&apos;t segfault.&lt;/p&gt;

&lt;p&gt;The log mentions &quot;map_heatmap&quot; and &quot;reduce_heatmap&quot; functions, which don&apos;t appear in our code or collections (as far as we can tell). However, they show up via mongodump.&lt;/p&gt;

&lt;p&gt;Tue Nov 12 18:17:03.143 &lt;span class=&quot;error&quot;&gt;&amp;#91;initandlisten&amp;#93;&lt;/span&gt; connection accepted from 127.0.0.1:53299 #6 (4 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:03.144 &lt;span class=&quot;error&quot;&gt;&amp;#91;initandlisten&amp;#93;&lt;/span&gt; connection accepted from 127.0.0.1:53300 #7 (5 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:03.145 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn6&amp;#93;&lt;/span&gt; end connection 127.0.0.1:53299 (4 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:03.247 &lt;span class=&quot;error&quot;&gt;&amp;#91;initandlisten&amp;#93;&lt;/span&gt; connection accepted from 127.0.0.1:53301 #8 (5 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:03.248 &lt;span class=&quot;error&quot;&gt;&amp;#91;initandlisten&amp;#93;&lt;/span&gt; connection accepted from 127.0.0.1:53302 #9 (6 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:03.248 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn8&amp;#93;&lt;/span&gt; end connection 127.0.0.1:53301 (5 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:04.029 &lt;span class=&quot;error&quot;&gt;&amp;#91;initandlisten&amp;#93;&lt;/span&gt; connection accepted from 127.0.0.1:53303 #10 (6 connections now open)&lt;br/&gt;
Tue Nov 12 18:17:04.043 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn10&amp;#93;&lt;/span&gt; SyntaxError: Unexpected end of input&lt;br/&gt;
Tue Nov 12 18:17:04.043 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn10&amp;#93;&lt;/span&gt; unable to load stored JavaScript function map_heatmap(): SyntaxError: Unexpected end of input&lt;br/&gt;
Tue Nov 12 18:17:04.043 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn10&amp;#93;&lt;/span&gt; SyntaxError: Unexpected end of input&lt;br/&gt;
Tue Nov 12 18:17:04.043 &lt;span class=&quot;error&quot;&gt;&amp;#91;conn10&amp;#93;&lt;/span&gt; unable to load stored JavaScript function reduce_heatmap(): SyntaxError: Unexpected end of input&lt;br/&gt;
Tue Nov 12 18:17:04.145 Invalid access at address: 0x10 from thread: conn10&lt;/p&gt;

&lt;p&gt;Tue Nov 12 18:17:04.145 Got signal: 11 (Segmentation fault: 11).&lt;/p&gt;

&lt;p&gt;Tue Nov 12 18:17:04.149 Backtrace:&lt;br/&gt;
0x10c6b39e0 0x10c1c427d 0x10c1c45b8 0x7fff8d9e65aa 0x1f6df0f6dac1 0x10c7e6097 0x10c8b3699 0x10c8b3501 0x10c66d5cb 0x10c66d48f 0x10c66836a 0x10c6677cf 0x10c35d4d4 0x10c35d8cc 0x10c33d055 0x10c33e013 0x10c33edf6 0x10c45304d 0x10c459468 0x10c3f692a &lt;br/&gt;
 0   mongod                              0x000000010c6b39e0 _ZN5mongo15printStackTraceERSo + 64&lt;br/&gt;
 1   mongod                              0x000000010c1c427d _ZN5mongo10abruptQuitEi + 397&lt;br/&gt;
 2   mongod                              0x000000010c1c45b8 &lt;em&gt;ZN5mongo24abruptQuitWithAddrSignalEiP9&lt;/em&gt;_siginfoPv + 344&lt;br/&gt;
 3   libsystem_platform.dylib            0x00007fff8d9e65aa _sigtramp + 26&lt;br/&gt;
 4   ???                                 0x00001f6df0f6dac1 0x0 + 34557054606017&lt;br/&gt;
 5   mongod                              0x000000010c7e6097 _ZN2v88internal15DeoptimizerDataD1Ev + 55&lt;br/&gt;
 6   mongod                              0x000000010c8b3699 _ZN2v88internal7Isolate6DeinitEv + 105&lt;br/&gt;
 7   mongod                              0x000000010c8b3501 _ZN2v88internal7Isolate8TearDownEv + 81&lt;br/&gt;
 8   mongod                              0x000000010c66d5cb _ZN5mongo7V8ScopeD2Ev + 267&lt;br/&gt;
 9   mongod                              0x000000010c66d48f _ZN5mongo7V8ScopeD0Ev + 15&lt;br/&gt;
 10  mongod                              0x000000010c66836a _ZN5mongo11PooledScopeD2Ev + 842&lt;br/&gt;
 11  mongod                              0x000000010c6677cf _ZN5mongo11PooledScopeD0Ev + 15&lt;br/&gt;
 12  mongod                              0x000000010c35d4d4 _ZN5mongo6dbEvalERKSsRNS_7BSONObjERNS_14BSONObjBuilderERSs + 1812&lt;br/&gt;
 13  mongod                              0x000000010c35d8cc _ZN5mongo7CmdEval3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 172&lt;br/&gt;
 14  mongod                              0x000000010c33d055 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 37&lt;br/&gt;
 15  mongod                              0x000000010c33e013 _ZN5mongo7Command11execCommandEPS0_RNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 2915&lt;br/&gt;
 16  mongod                              0x000000010c33edf6 _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 886&lt;br/&gt;
 17  mongod                              0x000000010c45304d _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 45&lt;br/&gt;
 18  mongod                              0x000000010c459468 &lt;em&gt;ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1&lt;/em&gt; + 1112&lt;br/&gt;
 19  mongod                              0x000000010c3f692a _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 1338&lt;/p&gt;

&lt;p&gt;Querying db.system.js.find() results in:&lt;/p&gt;

&lt;p&gt;follow:PRIMARY&amp;gt; db.system.js.find()&lt;br/&gt;
{ &quot;_id&quot; : &quot;debug&quot;, &quot;value&quot; : function (p) &lt;/p&gt;
{ print(p); }
&lt;p&gt; }&lt;br/&gt;
Tue Nov 12 16:48:29.474 JavaScript execution failed: SyntaxError: Unexpected end of input&lt;br/&gt;
Error: 16722 JavaScript execution failed: SyntaxError: Unexpected end of input&lt;br/&gt;
follow:PRIMARY&amp;gt;&lt;/p&gt;

&lt;p&gt;See the attached js.tar.gz for mongodumps of the system.js collection in question.&lt;/p&gt;

&lt;p&gt;Attempting to remove the functions in question from the collection failed - it seems that the syntax errors prevent mongo from doing anything with them, and then eval just trashes the whole daemon when it tries to interpret them.&lt;/p&gt;</description>
                <environment>OSX Mavericks</environment>
        <key id="98245">SERVER-11671</key>
            <summary>Bad stored Javascript causes db.eval() to segfault the server</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="1" iconUrl="https://jira.mongodb.org/images/icons/priorities/blocker.svg">Blocker - P1</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="cheald">Chris Heald</reporter>
                        <labels>
                            <label>crash</label>
                    </labels>
                <created>Tue, 12 Nov 2013 23:56:56 +0000</created>
                <updated>Wed, 7 Jan 2015 04:10:14 +0000</updated>
                            <resolved>Fri, 6 Dec 2013 06:06:47 +0000</resolved>
                                    <version>2.4.8</version>
                                                    <component>JavaScript</component>
                                        <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="466716" author="dan@10gen.com" created="Fri, 6 Dec 2013 06:06:47 +0000"  >&lt;p&gt;the fix for &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-11099&quot; title=&quot;clang compiled mongo shell crashes on exit with a stack trace in v8&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-11099&quot;&gt;&lt;del&gt;SERVER-11099&lt;/del&gt;&lt;/a&gt; has been backported to 2.4.9-pre&lt;/p&gt;</comment>
                            <comment id="455382" author="acm" created="Wed, 13 Nov 2013 00:51:38 +0000"  >&lt;p&gt;Chris -&lt;/p&gt;

&lt;p&gt;The v8 fix has been applied for the 2.5 development series, but it is not in 2.4. The best workaround for 2.4 on Mavericks is to build mongodb with GCC rather than clang.&lt;/p&gt;



</comment>
                            <comment id="455378" author="cheald" created="Wed, 13 Nov 2013 00:43:32 +0000"  >&lt;p&gt;Looks like that&apos;s a likely culprit. Looks like we can close this one.&lt;/p&gt;</comment>
                            <comment id="455374" author="acm" created="Wed, 13 Nov 2013 00:38:35 +0000"  >&lt;p&gt;Hi Chris -&lt;/p&gt;

&lt;p&gt;This is almost certainly due to &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-11099&quot; title=&quot;clang compiled mongo shell crashes on exit with a stack trace in v8&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-11099&quot;&gt;&lt;del&gt;SERVER-11099&lt;/del&gt;&lt;/a&gt;. &lt;/p&gt;</comment>
                            <comment id="455347" author="cheald" created="Tue, 12 Nov 2013 23:58:26 +0000"  >&lt;p&gt;I pasted the wrong bit into &quot;steps to reproduce&quot;.&lt;/p&gt;

&lt;p&gt;You just mongoimport the system.js collection, then attempt to run a db.eval against that database. The server will crash when it attempts to load that stored JS.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="93468">SERVER-11099</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="33776" name="js.tar.gz" size="514" author="cheald" created="Tue, 12 Nov 2013 23:56:57 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 13 Nov 2013 00:38:35 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 10 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>dan@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 10 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10021"><![CDATA[OS X]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andrew.morrow@mongodb.com</customfieldvalue>
            <customfieldvalue>cheald</customfieldvalue>
            <customfieldvalue>dan@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrm7p3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hru6en:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>90008</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;database.eval &amp;lt;&amp;lt;-EOF&lt;br/&gt;
  db.posts.find().forEach(function(obj) {&lt;br/&gt;
    db.posts.update({_id: obj._id}, {$set: {tiered_at: obj.post_date, tier: 0}})&lt;br/&gt;
  });&lt;br/&gt;
EOF&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsp593:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>