CDRIVER-2072: Always initialize cursor filter and opts

jmikola · ajdavis · commit e8c89c0b3bc8 · 2017-03-05T14:23:10.000-05:00
mongoc_cursor_destroy() always attempts to destroy these documents, which would previously crash if they were left uninitialized when an error was reported by _mongoc_cursor_new_with_opts().
diff --git a/src/mongoc/mongoc-cursor.c b/src/mongoc/mongoc-cursor.c
@@ -232,6 +232,9 @@ _mongoc_cursor_new_with_opts (mongoc_client_t             *client,
    cursor->client = client;
    cursor->is_command = is_command ? 1 : 0;
 
+   bson_init (&cursor->filter);
+   bson_init (&cursor->opts);
+
    if (filter) {
       if (!bson_validate (filter, BSON_VALIDATE_EMPTY_KEYS, NULL)) {
          MARK_FAILED (cursor);
@@ -241,9 +244,8 @@ _mongoc_cursor_new_with_opts (mongoc_client_t             *client,
          GOTO (finish);
       }
 
+      bson_destroy (&cursor->filter);
       bson_copy_to (filter, &cursor->filter);
-   } else {
-      bson_init (&cursor->filter);
    }
 
    if (opts) {
@@ -263,7 +265,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t             *client,
          GOTO (finish);
       }
 
-      bson_init (&cursor->opts);
       bson_copy_to_excluding_noinit (opts, &cursor->opts, "serverId", NULL);
 
       /* true if there's a valid serverId or no serverId, false on err */
@@ -277,8 +278,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t             *client,
       if (server_id) {
          mongoc_cursor_set_hint (cursor, server_id);
       }
-   } else {
-      bson_init (&cursor->opts);
    }
 
    cursor->read_prefs = read_prefs ?
diff --git a/tests/test-mongoc-cursor.c b/tests/test-mongoc-cursor.c
@@ -702,6 +702,74 @@ test_cursor_new_invalid (void)
    mongoc_client_destroy (client);
 }
 
+
+static void
+test_cursor_new_invalid_filter (void)
+{
+   mongoc_client_t *client;
+   mongoc_collection_t *collection;
+   mongoc_cursor_t *cursor;
+   bson_error_t error;
+
+   client = test_framework_client_new ();
+   collection = mongoc_client_get_collection (client, "test", "test");
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson ("{'': 1}"), NULL, NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Empty keys are not allowed in 'filter'.");
+
+   mongoc_cursor_destroy (cursor);
+   mongoc_collection_destroy (collection);
+   mongoc_client_destroy (client);
+}
+
+
+static void
+test_cursor_new_invalid_opts (void)
+{
+   mongoc_client_t *client;
+   mongoc_collection_t *collection;
+   mongoc_cursor_t *cursor;
+   bson_error_t error;
+
+   client = test_framework_client_new ();
+   collection = mongoc_client_get_collection (client, "test", "test");
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson (NULL), tmp_bson ("{'projection': {'': 1}}"), NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Cannot use empty keys in 'opts'.");
+
+   mongoc_cursor_destroy (cursor);
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson (NULL), tmp_bson ("{'$invalid': 1}"), NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Cannot use $-modifiers in 'opts'.");
+
+   mongoc_cursor_destroy (cursor);
+
+   mongoc_collection_destroy (collection);
+   mongoc_client_destroy (client);
+}
+
+
 static void
 test_cursor_new_static (void)
 {
@@ -1521,6 +1589,10 @@ test_cursor_install (TestSuite *suite)
                       test_cursor_new_from_find_batches, NULL, NULL,
                       test_framework_skip_if_max_wire_version_less_than_4);
    TestSuite_AddLive (suite, "/Cursor/new_invalid", test_cursor_new_invalid);
+   TestSuite_AddLive (
+      suite, "/Cursor/new_invalid_filter", test_cursor_new_invalid_filter);
+   TestSuite_AddLive (
+      suite, "/Cursor/new_invalid_opts", test_cursor_new_invalid_opts);
    TestSuite_AddLive (suite, "/Cursor/new_static", test_cursor_new_static);
    TestSuite_AddLive (suite, "/Cursor/hint/errors", test_cursor_hint_errors);
    TestSuite_Add (suite, "/Cursor/hint/single/secondary", test_hint_single_secondary);

Original file line number	Diff line number	Diff line change
`@@ -232,6 +232,9 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`232`	`232`	`cursor->client = client;`
`233`	`233`	`cursor->is_command = is_command ? 1 : 0;`
`234`	`234`
	`235`	`+ bson_init (&cursor->filter);`
	`236`	`+ bson_init (&cursor->opts);`
	`237`	`+`
`235`	`238`	`if (filter) {`
`236`	`239`	`if (!bson_validate (filter, BSON_VALIDATE_EMPTY_KEYS, NULL)) {`
`237`	`240`	`MARK_FAILED (cursor);`
`@@ -241,9 +244,8 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`241`	`244`	`GOTO (finish);`
`242`	`245`	`}`
`243`	`246`
	`247`	`+ bson_destroy (&cursor->filter);`
`244`	`248`	`bson_copy_to (filter, &cursor->filter);`
`245`		`- } else {`
`246`		`- bson_init (&cursor->filter);`
`247`	`249`	`}`
`248`	`250`
`249`	`251`	`if (opts) {`
`@@ -263,7 +265,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`263`	`265`	`GOTO (finish);`
`264`	`266`	`}`
`265`	`267`
`266`		`- bson_init (&cursor->opts);`
`267`	`268`	`bson_copy_to_excluding_noinit (opts, &cursor->opts, "serverId", NULL);`
`268`	`269`
`269`	`270`	`/* true if there's a valid serverId or no serverId, false on err */`
`@@ -277,8 +278,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`277`	`278`	`if (server_id) {`
`278`	`279`	`mongoc_cursor_set_hint (cursor, server_id);`
`279`	`280`	`}`
`280`		`- } else {`
`281`		`- bson_init (&cursor->opts);`
`282`	`281`	`}`
`283`	`282`
`284`	`283`	`cursor->read_prefs = read_prefs ?`