Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-29711

OP_GET_MORE view check can dereference a null pointer

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.5.9
    • Affects Version/s: 3.5.8
    • Component/s: Querying
    • Fully Compatible
    • ALL
    • Query 2017-07-10
    • 0

      A globally-managed aggregation cursor can be established even if the database over which the aggregation is issued does not exist. On a subsequent OP_GET_MORE, a check is made that the aggregation namespace is not a view (since OP_GET_MORE on views is not supported):

      https://github.com/mongodb/mongo/blob/ab165e7a81e319cd7e99af3e1eed86e826fd34ba/src/mongo/db/query/find.cpp#L281-L287

      However, this code incorrectly assumes that the Database object exists. If it doesn't exist, getDb() will return null, causing this line to deference a null pointer and crash the server.

      This issue was introduced during 3.5 development and does not affect any stable versions of MongoDB.

            Assignee:
            david.storch@mongodb.com David Storch
            Reporter:
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: