-
Type: Bug
-
Resolution: Done
-
Priority: Critical - P2
-
Affects Version/s: None
-
Component/s: None
-
None
-
Environment:ALL THE ENVIRONMENTS
-
Major Change
Steps to reproduce:
Step 1. Use Mongo as WEB SCALE DOCUMENT STORE OF CHOICE LOL
Step 2. Assume basic engineering principles applied throughout due to HEAVY MARKETING SUGGESTING AWESOMENESS.
Step 3. Spend 6 months fighting plebbery across the spectrum, mostly succeed.
Step 4. NIGHT BEFORE INVESTOR DEMO, TRY UPLOADING SOME DATA WITH "{$ref: '#/mongodb/plebtastic'"
Step 5. LOL WTF?!?!? PYMONGO CRASH?? :OOO LOOOL WEBSCALE
Step 6. It's 4am now. STILL INVESTIGATING
b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1196) /* Decoding for DBRefs */
Oh Mike!!!
Step 7. DISCOVER PYMONGO DOES NOT CHECK RETURN VALUES IN MULTIPLE PLACES. DISCOVER ORIGINAL AUTHOR SHOULD NOT BE ALLOWED NEAR COMPUTER
0558b0d4 pymongo/_cbsonmodule.c (Mike Dirolf 2009-06-08 15:06:12 -0400 1197) if (strcmp(buffer + position + 5, "$ref") == 0) { / DBRef */
f3da57be pymongo/_cbsonmodule.c (sibsibsib 2010-08-03 13:24:14 +0800 1198) PyObject* dbref;
b4cb9be0 pymongo/_cbsonmodule.c (Mike Dirolf 2009-11-10 14:54:39 -0500 1199) PyObject* collection = PyDict_GetItemString(value, "$ref");
...
30c253e6 pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-22 12:29:20 -0400 1206) PyDict_DelItemString(value, "$id");
...
6b0a9ccb pymongo/_cbsonmodule.c (Mike Dirolf 2010-06-21 15:15:00 -0400 1220) Py_DECREF(id);
LOOOOL!
OH MIKE OH MIKE!! BUT WHAT IF $ref DOESNT HAVE $id KEY? LOOL
Step 8. REALIZE I CAN CRASH 99% OF ALL WEB 3.9 SHIT-TASTIC WEBSCALE MONGO-DEPLOYING SERVICES WITH 16 BYTE POST
Step 9. REALIZE 10GEN ARE TOO WORTHLESSLY CLUELESS TO LICENCE A STATIC ANALYZER THAT WOULD HAVE NOTICED THIS PROBLEM IN 0.0000001 NANOSECONDS?!!?!?@#
Step 10. TRY DELETING _cbson.so.
Step 11. LOOOOOOOOOOOOL MORE NULL PTR DEREFS IN _cmessage.so!!?!? LOLLERPLEX??!? NULL IS FOR LOSERS LOLOL
Steps to fix:
1. MIKE WAS BORN A TECH WRITER. REVOKE COMMIT PRIVS TODAY
2. BUY A GODDAMNED COVERITY LICENCE YOU AMATEURS
3. ADD process_dbrefs=False TO ALL THE DRIVERS
4. FIX NULL PTR DEREFERENCE
5. PUBLISH SECURITY ADVISORY OR I WILL DO IT FOR YOU
- is duplicated by
-
PYTHON-536 Python Segmentation fault on find query
- Closed