Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11731

$where inside of projection $elemMatch causes segmentation fault

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.2.7, 2.4.9
    • Affects Version/s: 2.4.8
    • Component/s: JavaScript
    • Environment:
    • ALL
    • Hide

      1. Start mongod 2.4.8
      2. Start a mongo shell
      3. In the shell:

      > db.c.find({},{a:{$elemMatch:{$where:"true"}}})
      
      Show
      1. Start mongod 2.4.8 2. Start a mongo shell 3. In the shell: > db.c.find({},{a:{$elemMatch:{$where: " true " }}})

      Issue Status as of December 30th, 2013

      ISSUE SUMMARY
      $where can cause a segfault when used inside an $elemMatch

      USER IMPACT
      Mongod will crash with a stack trace showing an error in the mongo::Matcher::parseWhere method, similar to the following

      Fri Nov 15 19:34:35.259 Backtrace:
      0x10044c60b 0x100001121 0x1000013a2 0x7fff979285aa 0 0x10021a733 0x10021d43b 0x10021dcb9 0x10021e657 0x10021c14e 0x10021d619 0x10021dcb9 0x1002b472a 0x1002b2628 0x1002a7464 0x1002dbcf2 0x100240b14 0x1001ee10f 0x10000b682 0x100441fd9 
       0   mongod                              0x000000010044c60b _ZN5mongo15printStackTraceERSo + 43
       1   mongod                              0x0000000100001121 _ZN5mongo10abruptQuitEi + 225
       2   mongod                              0x00000001000013a2 _ZN5mongo24abruptQuitWithAddrSignalEiP9__siginfoPv + 242
       3   libsystem_platform.dylib            0x00007fff979285aa _sigtramp + 26
       4   ???                                 0x0000000000000000 0x0 + 0
       5   mongod                              0x000000010021a733 _ZN5mongo7Matcher10parseWhereERKNS_11BSONElementE + 
      ...
      

      SOLUTION
      Mongod now returns the following error message when $where is used inside an $elemMatch

      no valid context found for $where
      

      WORKAROUNDS
      Users should avoid using $where inside an $elemMatch.

      PATCHES
      Production release v2.4.9 and v2.2.7 contain the fix for this issue, and production release v2.6.0 will have a brand new query engine, which does not contain this bug.

      problem: mongod 2.4.8 crashes with a segmentation fault when doing a $where inside of a $elemMatch. This appears to be fixed in versions 2.5.x.

      mongod log attached

            Assignee:
            matt.dannenberg Matt Dannenberg
            Reporter:
            luke.lovett Luke Lovett
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: