<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:05:18 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-66389] segfault due to null JsFunction pointer for auto-parameterized $where </title>
                <link>https://jira.mongodb.org/browse/SERVER-66389</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When binding the value associated with an auto-parameterized $where &lt;tt&gt;MatchExpression&lt;/tt&gt; node, we have a performance optimization to transfer ownership of the &lt;tt&gt;JsFunction&lt;/tt&gt; rather than copying it. &lt;a href=&quot;https://github.com/mongodb/mongo/blob/2102f99116f9c8a4409ef2376abf7f2f1c9590c4/src/mongo/db/query/bind_input_params.cpp#L176-L187&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;See the code here&lt;/a&gt;. The motivation for this optimization is that copying a &lt;tt&gt;JsFunction&lt;/tt&gt; is very expensive, as it requires some kind of expensive initialization of the JavaScript engine.&lt;/p&gt;

&lt;p&gt;This optimization is not correct if there are multiple candidate plans. Imagine a scenario where there are two candidate plans. During preparation of the first candidate, we need to bind the &lt;tt&gt;JsFunction&lt;/tt&gt; into the SBE runtime environment. The optimization kicks in, so we extract the &lt;tt&gt;JsFunction&lt;/tt&gt; from the &lt;tt&gt;CanonicalQuery&lt;/tt&gt; and pass ownership to the runtime environment. This leaves a nullptr in the $where node. For the second candidate plan, the optimization kicks in again. This time, the &lt;tt&gt;JsFunction&lt;/tt&gt; pointer is null. The ownership transfer logic tolerates nullptr and is essentially a no-op this time around.&lt;/p&gt;

&lt;p&gt;Later, when we actually try to execute the second candidate plan&apos;s trial period, we assume that the &lt;tt&gt;JsFunction&lt;/tt&gt; pointer is non-null and attempt to dereference it, resulting in a segmentation fault. This bug affects both master and the 6.0 branch.&lt;/p&gt;

&lt;p&gt;The easy way to fix this would be to revert the optimization, and just copy the &lt;tt&gt;JsFunction&lt;/tt&gt; into each candidate plan. (The implementation is a bit sketchy as is anyway, since it uses &lt;tt&gt;const_cast&lt;/tt&gt; to discard the const qualifier.) The downside is that this approach would have negative performance consequences. Another option would be to copy the &lt;tt&gt;JsFunction&lt;/tt&gt; into all of the candidate plans except for the last one, or possibly to only have the optimization kick in when there is just one candidate plan. One other idea to look into is that we do clone the &lt;tt&gt;MatchExpression&lt;/tt&gt; tree during plan enumeration &amp;#8211; perhaps the &lt;tt&gt;JsFunction&lt;/tt&gt; objects associated with each copy can be transferred to the corresponding SBE plans?&lt;/p&gt;</description>
                <environment></environment>
        <key id="2044655">SERVER-66389</key>
            <summary>segfault due to null JsFunction pointer for auto-parameterized $where </summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="david.storch@mongodb.com">David Storch</assignee>
                                    <reporter username="david.storch@mongodb.com">David Storch</reporter>
                        <labels>
                    </labels>
                <created>Wed, 11 May 2022 15:31:04 +0000</created>
                <updated>Thu, 7 Dec 2023 18:11:38 +0000</updated>
                            <resolved>Fri, 13 May 2022 07:19:28 +0000</resolved>
                                    <version>6.0.0-rc5</version>
                    <version>6.1.0-rc0</version>
                                    <fixVersion>6.0.0-rc6</fixVersion>
                    <fixVersion>6.1.0-rc0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>11</watches>
                                                                                                                <comments>
                            <comment id="4547006" author="xgen-internal-githook" created="Fri, 13 May 2022 08:01:56 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-66389&quot; title=&quot;segfault due to null JsFunction pointer for auto-parameterized $where &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-66389&quot;&gt;&lt;del&gt;SERVER-66389&lt;/del&gt;&lt;/a&gt; Fix $where parameter bind-in optimization&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 48acc21bc952810c7028f79773905f9cdcce44af)&lt;br/&gt;
Branch: v6.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/94ebb3709d96e4d991294c0c1db021f83d9b2c58&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/94ebb3709d96e4d991294c0c1db021f83d9b2c58&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4546987" author="xgen-internal-githook" created="Fri, 13 May 2022 07:13:50 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;David Storch&apos;, &apos;email&apos;: &apos;david.storch@mongodb.com&apos;, &apos;username&apos;: &apos;dstorch&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-66389&quot; title=&quot;segfault due to null JsFunction pointer for auto-parameterized $where &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-66389&quot;&gt;&lt;del&gt;SERVER-66389&lt;/del&gt;&lt;/a&gt; Fix $where parameter bind-in optimization&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/48acc21bc952810c7028f79773905f9cdcce44af&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/48acc21bc952810c7028f79773905f9cdcce44af&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4546604" author="david.storch" created="Thu, 12 May 2022 22:22:39 +0000"  >&lt;p&gt;I am removing this from the &quot;6.0 Required&quot; bucket due to &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-66445&quot; title=&quot;Make the classic engine the default execution engine for 6.0&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-66445&quot;&gt;&lt;del&gt;SERVER-66445&lt;/del&gt;&lt;/a&gt;, though I still intend to merge it shortly. (At the moment it is conflicting with other patches in the commit queue due to the changes in etc/backports_required_for_multiversion_tests.yml so I need to wait for the queue to drain.)&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2518805">SERVER-83959</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="23470"><![CDATA[v6.0]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 12 May 2022 10:03:12 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 38 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-2371</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>david.storch@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 38 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_16465" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Linked BF Score</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>123.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>david.storch@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0ujdz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0bw9w:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_22250" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Special Downgrade Instructions Required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="23343"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5892">QE 2022-05-16</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0u5jb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>