ISSUE SUMMARY
If a document contains a very large array "arr" of subdocuments with nested arrays, a query against a path where many consecutive array elements of "arr" do not match the query path may trigger a stack overflow inside mongod.
For example:
db.col.insert({arr: [{elem: []}, {elem: []}, {elem: []}, ...]})
db.col.find({"arr.elem.x" : 0})
In this example, the issue is triggered when the number of consecutive array elements that do not match the "arr.elem.x" path is sufficiently large.
USER IMPACT
MongoDB crashes with no information in the log files.
WORKAROUNDS
There are no workarounds for this issue.
AFFECTED VERSIONS
MongoDB 2.6 versions up to 2.6.5 are affected by this issue.
FIX VERSION
The fix is included in the 2.6.6 production release.
RESOLUTION DETAILS
Change BSONElementIterator::more() to not use a stack frame per array element traversed.