Operational Defect Database

BugZero found this defect 2493 days ago.

MongoDB | 378251

[SERVER-29001] Stack overflow in views_test (--dbg=on --opt=off) due to long aggregation pipeline

Last update date:

10/30/2023

Affected products:

MongoDB Server

Affected releases:

3.5.6

Fixed releases:

3.4.6

3.5.8

Description:

Info

The CreateViewWithPipelineExactMaxSize unit-test generates a pipeline with the maximum size in bytes, which results in 500,000 chained document sources. At destruction time, since the DocumentSources are destroyed recursively, this results in a stack overflow starting at this frame:

    > views_test.exe!mongo::DocumentSource::dispose() Line 219 C++
    views_test.exe!mongo::DocumentSource::dispose() Line 223 C++
    views_test.exe!mongo::DocumentSource::dispose() Line 223 C++
    views_test.exe!mongo::DocumentSource::dispose() Line 223 C++
    views_test.exe!mongo::Pipeline::dispose(mongo::OperationContext * opCtx) Line 195 C++
    views_test.exe!mongo::Pipeline::Deleter::operator()(mongo::Pipeline * pipeline) Line 90 C++
    views_test.exe!std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter>::~unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter>() Line 1397 C++
    views_test.exe!std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter>::`scalar deleting destructor'(unsigned int) C++
    views_test.exe!boost::optional_detail::optional_base<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >::destroy_impl(boost::mpl::bool_<0> __formal) Line 745 C++
    views_test.exe!boost::optional_detail::optional_base<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >::destroy() Line 708 C++
    views_test.exe!boost::optional_detail::optional_base<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >::~optional_base<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >() Line 327 C++
    views_test.exe!boost::optional<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >::~optional<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >() Line 877 C++
    views_test.exe!mongo::StatusWith<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >::~StatusWith<std::unique_ptr<mongo::Pipeline,mongo::Pipeline::Deleter> >() C++
    views_test.exe!mongo::ViewCatalog::_upsertIntoGraph::__l2::<lambda>(const mongo::ViewDefinition & viewDef, bool needsValidation) Line 213 C++
    views_test.exe!mongo::ViewCatalog::_upsertIntoGraph(mongo::OperationContext * opCtx, const mongo::ViewDefinition & viewDef) Line 238 C++
    views_test.exe!mongo::ViewCatalog::_createOrUpdateView_inlock(mongo::OperationContext * opCtx, const mongo::NamespaceString & viewName, const mongo::NamespaceString & viewOn, const mongo::BSONArray & pipeline, std::unique_ptr<mongo::CollatorInterface,std::default_delete<mongo::CollatorInterface> > collator) Line 151 C++
    views_test.exe!mongo::ViewCatalog::createView(mongo::OperationContext * opCtx, const mongo::NamespaceString & viewName, const mongo::NamespaceString & viewOn, const mongo::BSONArray & pipeline, const mongo::BSONObj & collation) Line 293 C++
    views_test.exe!mongo::`anonymous namespace'::UnitTest__ViewCatalogFixture__CreateViewWithPipelineExactMaxSize::_doTest() Line 238 C++
    views_test.exe!mongo::unittest::Test::run() Line 175 C++
    views_test.exe!mongo::unittest::Suite::runTestObject<mongo::`anonymous namespace'::UnitTest__ViewCatalogFixture__CreateViewWithPipelineExactMaxSize>() Line 429 C++
    views_test.exe!std::_Invoker_functor::_Call<void (__cdecl*& __ptr64)(void)>(void(*)() & _Obj) Line 1377 C++
    views_test.exe!std::invoke<void (__cdecl*& __ptr64)(void)>(void(*)() & _Obj) Line 1445 C++
    views_test.exe!std::_Invoke_ret<void,void (__cdecl*& __ptr64)(void)>(std::_Forced<void,1> __formal, void(*)() & <_Vals_0>) Line 1462 C++
    views_test.exe!std::_Func_impl<void (__cdecl*)(void),std::allocator<int>,void>::_Do_call() Line 214 C++
    views_test.exe!std::_Func_class<void>::operator()() Line 280 C++
    views_test.exe!mongo::unittest::TestHolder::run() Line 271 C++
    views_test.exe!mongo::unittest::Suite::run(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filter, int runsPerTest) Line 292 C++
    views_test.exe!mongo::unittest::Suite::run(const std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > & suites, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filter, int runsPerTest) Line 350 C++
    views_test.exe!main(int argc, char * * argv, char * * envp) Line 41 C++

Currently this reproduces only with --dbg=on --opt=off (both on Linux and Windows) but I can imagine it can happen in optimized builds if the pipeline entries are made smaller so more than 500,000 are generated.
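An added illustration of the failure mode in the report above. It is not MongoDB's code and not the committed fix, which per the commit message only changed the tests to use fewer, larger stages. `Stage` and all function names are hypothetical stand-ins for a chain of stages that each own their source; the block shows recursion depth growing with chain length, next to an iterative walk and teardown that keep stack depth constant.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>

// Hypothetical stand-in for a stage that owns the stage it reads from.
struct Stage {
    std::unique_ptr<Stage> source;  // upstream stage; null at the chain head
    bool disposed = false;
};

// Build a chain of n stages without recursion; returns the outermost stage.
std::unique_ptr<Stage> buildChain(std::size_t n) {
    std::unique_ptr<Stage> tail;
    for (std::size_t i = 0; i < n; ++i) {
        auto s = std::make_unique<Stage>();
        s->source = std::move(tail);
        tail = std::move(s);
    }
    return tail;
}

// Recursive dispose, the shape in the trace: without optimization this costs
// one stack frame per stage. Returns the deepest level reached.
std::size_t disposeRecursive(Stage* s, std::size_t depth = 1) {
    s->disposed = true;
    return s->source ? disposeRecursive(s->source.get(), depth + 1) : depth;
}

// Iterative dispose: constant stack depth. Returns the number of stages visited.
std::size_t disposeIterative(Stage* s) {
    std::size_t visited = 0;
    for (; s; s = s->source.get()) { s->disposed = true; ++visited; }
    return visited;
}

// Iterative teardown: detach the upstream link before freeing its owner, so
// ~unique_ptr never recurses down the chain. Returns the number freed.
std::size_t destroyIterative(std::unique_ptr<Stage> s) {
    std::size_t freed = 0;
    while (s) { auto next = std::move(s->source); s = std::move(next); ++freed; }
    return freed;
}

int main() {
    auto chain = buildChain(500000);  // chain length reported on the page
    std::printf("disposed %zu\n", disposeIterative(chain.get()));
    std::printf("freed %zu\n", destroyIterative(std::move(chain)));
}
```

Letting a chain of this length go out of scope without `destroyIterative` would recurse through `~unique_ptr` once per stage, which is the same pattern as the recursive `dispose()` frames in the trace.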

Top User Comments

xgen-internal-githook commented on Tue, 13 Jun 2017 22:10:25 +0000:

Author: {u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}
Message: SERVER-29001 use fewer but larger pipeline stages for views max size tests (cherry picked from commit 59ab265df55f89a9329477c5ea76be4508fcb1a9)
Branch: v3.4
https://github.com/mongodb/mongo/commit/55edff3464a874aca36db20f68f1a12d601a5dbd

kyle.suarez commented on Mon, 22 May 2017 14:05:47 +0000:

I'm requesting backport to v3.4:

- It might help to avoid similar test failures in the future
- This is a simple, low-risk test-only fix
- It makes the overall ViewCatalog unit test much, much faster to run

xgen-internal-githook commented on Mon, 22 May 2017 14:02:39 +0000:

Author: {u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}
Message: SERVER-29001 use fewer but larger pipeline stages for views max size tests
Branch: master
https://github.com/mongodb/mongo/commit/59ab265df55f89a9329477c5ea76be4508fcb1a9

Status

Closed