Operational Defect Database

BugZero found this defect 2443 days ago.

MongoDB | 395631

[SERVER-29711] OP_GET_MORE view check can dereference a null pointer

Last update date:

10/30/2023

Affected products:

MongoDB Server

Affected releases:

3.5.8

Fixed releases:

3.5.9

Description:

Info

A globally-managed aggregation cursor can be established even if the database over which the aggregation is issued does not exist. On a subsequent OP_GET_MORE, a check is made that the aggregation namespace is not a view (since OP_GET_MORE on views is not supported):

https://github.com/mongodb/mongo/blob/ab165e7a81e319cd7e99af3e1eed86e826fd34ba/src/mongo/db/query/find.cpp#L281-L287

However, this code incorrectly assumes that the Database object exists. If it doesn't exist, getDb() will return null, causing this line to dereference a null pointer and crash the server.

This issue was introduced during 3.5 development and does not affect any stable versions of MongoDB.
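A minimal C++ model of the failure mode described above, added here for illustration and not taken from the MongoDB source. Every type and function name other than `getDb()` is hypothetical, and the guarded check shows one way to handle a missing database, not necessarily the project's actual fix.

```cpp
// Illustrative model only; apart from getDb(), all names here are hypothetical.
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

struct Database {
    std::set<std::string> views;  // names of the views defined in this database
    bool isView(const std::string& coll) const { return views.count(coll) != 0; }
};

struct Catalog {
    std::map<std::string, std::unique_ptr<Database>> dbs;
    // Mirrors the behaviour in the description: null when the database does not exist.
    Database* getDb(const std::string& name) const {
        auto it = dbs.find(name);
        return it == dbs.end() ? nullptr : it->second.get();
    }
};

struct Namespace { std::string db, coll; };

// Globally managed cursors are keyed by id only, so registering one never
// requires (or creates) a Database object for the cursor's namespace.
struct GlobalCursors {
    std::map<long long, Namespace> open;
    long long next = 1;
    long long registerCursor(Namespace ns) { open[next] = std::move(ns); return next++; }
};

enum class GetMoreCheck { Ok, RejectedView, CursorNotFound };

// Unguarded shape: assumes getDb() is non-null. Undefined behaviour (a crash in
// practice) when the database is missing. Shown for contrast and never called.
bool isViewUnchecked(const Catalog& c, const Namespace& ns) {
    return c.getDb(ns.db)->isView(ns.coll);
}

// Guarded shape: a database that does not exist cannot contain a view.
GetMoreCheck checkGetMore(const Catalog& c, const GlobalCursors& g, long long id) {
    auto it = g.open.find(id);
    if (it == g.open.end()) return GetMoreCheck::CursorNotFound;
    const Database* db = c.getDb(it->second.db);
    if (db && db->isView(it->second.coll)) return GetMoreCheck::RejectedView;
    return GetMoreCheck::Ok;
}
```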

Top User Comments

xgen-internal-githook commented on Mon, 19 Jun 2017 22:48:09 +0000:

Author: David Storch (dstorch) <david.storch@10gen.com>

Message: SERVER-29711 Fix nullptr dereference in OP_GET_MORE view check.

Branch: master

https://github.com/mongodb/mongo/commit/47856e523e3d3c842f95ec277f33728130ad14dd


Status

Closed
