StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POCrashing MongoDB with one badly named field, what's so special about it?
primarykey
Id
13422736
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2012-11-16T18:59:28.190
FavoriteCount
1
LastActivityDate
2012-11-16T19:40:39.647
LastEditDate
2012-11-16T19:40:39.647
LastEditorUserId
840333
OwnerUserId
840333
ParentId
0
PostTypeId
1
Score
4
ViewCount
276
LastEditorDisplayName
text
Body
Using the Java driver, we today discovered that is possible to bring a MongoDB instance down with a segmentation fault. <pre><code>new Mongo().getDB("test").getCollection("test"). insert(new BasicDBObject("\u0000Žö", "")); </code></pre> This will produce the following output from <code>mongod</code> before it dies: <pre><code>Fri Nov 16 18:53:18 Invalid access at address: 0xbac3c5fe from thread: conn5 Fri Nov 16 18:53:18 Got signal: 11 (Segmentation fault: 11). Fri Nov 16 18:53:18 Backtrace: 0x10004241b 0x10005628b 0x100056941 0x7fff828afcfa 0x1 0x100281611 0x100288c91 0x10006c501 0x10058e50c 0x1005e31d3 0x7fff8285b8bf 0x7fff8285eb75 0 mongod 0x000000010004241b _ZN5mongo15printStackTraceERSo + 43 1 mongod 0x000000010005628b _ZN5mongo10abruptQuitEi + 987 2 mongod 0x0000000100056941 _ZN5mongo24abruptQuitWithAddrSignalEiP9__siginfoPv + 673 3 libsystem_c.dylib 0x00007fff828afcfa _sigtramp + 26 4 ??? 0x0000000000000001 0x0 + 1 5 mongod 0x0000000100281611 _ZN5mongo14receivedInsertERNS_7MessageERNS_5CurOpE + 1841 6 mongod 0x0000000100288c91 _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 4705 7 mongod 0x000000010006c501 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 257 8 mongod 0x000000010058e50c _ZN5mongo3pms9threadRunEPNS_13MessagingPortE + 1084 9 mongod 0x00000001005e31d3 thread_proxy + 163 10 libsystem_c.dylib 0x00007fff8285b8bf _pthread_start + 335 11 libsystem_c.dylib 0x00007fff8285eb75 thread_start + 13 </code></pre> I've been trying to understand what on earth makes this magical field name special. Removing any of the characters involved makes mongodb survive just fine, and the stack trace isn't making me any wiser. I've written up a short <a href="http://jwdev.tumblr.com/post/35851221681/how-to-crash-mongodb-in-1-line-of-java" rel="nofollow">blog post</a> on the issue, and filed a <a href="https://jira.mongodb.org/browse/SERVER-7691" rel="nofollow">JIRA ticket</a> at mongodb.org, but my curiosity is killing me. Can anyone figure out what makes <code>\u0000Žö</code> special? Edit to clarify: <code>\u0000</code> and <code>\u0000Ž</code> is fine, and so is <code>\u0000Žsomerandomtext</code> 
Tags
<java><mongodb>
Title
Crashing MongoDB with one badly named field, what's so special about it?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USJoel Westberg
UserOwnerUserId
1. USJoel Westberg
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POCrashing MongoDB with one badly named field, what's so special about it?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POCrashing MongoDB with one badly named field, what's so special about it?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POCrashing MongoDB with one badly named field, what's so special about it?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COIs this bug resolved by the lastest mongo java driver 2.10.1? I tested and find without the --objcheck turned on, the db server will still crash.
 singulars
 PostPostId
 POCrashing MongoDB with one badly named field, what's so special about it?
 UserUserId
 USDiveInto

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.