CDRIVER-2072: Always initialize cursor filter and opts

jmikola · ajdavis · commit aadf9bcb416e · 2017-03-05T14:23:26.000-05:00
mongoc_cursor_destroy() always attempts to destroy these documents, which would previously crash if they were left uninitialized when an error was reported by _mongoc_cursor_new_with_opts().
diff --git a/src/mongoc/mongoc-cursor.c b/src/mongoc/mongoc-cursor.c
@@ -229,6 +229,9 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,
    cursor->client = client;
    cursor->is_command = is_command ? 1 : 0;
 
+   bson_init (&cursor->filter);
+   bson_init (&cursor->opts);
+
    if (filter) {
       if (!bson_validate (filter, BSON_VALIDATE_EMPTY_KEYS, NULL)) {
          MARK_FAILED (cursor);
@@ -239,9 +242,8 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,
          GOTO (finish);
       }
 
+      bson_destroy (&cursor->filter);
       bson_copy_to (filter, &cursor->filter);
-   } else {
-      bson_init (&cursor->filter);
    }
 
    if (opts) {
@@ -263,7 +265,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,
          GOTO (finish);
       }
 
-      bson_init (&cursor->opts);
       bson_copy_to_excluding_noinit (opts, &cursor->opts, "serverId", NULL);
 
       /* true if there's a valid serverId or no serverId, false on err */
@@ -279,8 +280,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,
       if (server_id) {
          mongoc_cursor_set_hint (cursor, server_id);
       }
-   } else {
-      bson_init (&cursor->opts);
    }
 
    cursor->read_prefs = read_prefs
diff --git a/tests/test-mongoc-cursor.c b/tests/test-mongoc-cursor.c
@@ -733,6 +733,74 @@ test_cursor_new_invalid (void)
    mongoc_client_destroy (client);
 }
 
+
+static void
+test_cursor_new_invalid_filter (void)
+{
+   mongoc_client_t *client;
+   mongoc_collection_t *collection;
+   mongoc_cursor_t *cursor;
+   bson_error_t error;
+
+   client = test_framework_client_new ();
+   collection = mongoc_client_get_collection (client, "test", "test");
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson ("{'': 1}"), NULL, NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Empty keys are not allowed in 'filter'.");
+
+   mongoc_cursor_destroy (cursor);
+   mongoc_collection_destroy (collection);
+   mongoc_client_destroy (client);
+}
+
+
+static void
+test_cursor_new_invalid_opts (void)
+{
+   mongoc_client_t *client;
+   mongoc_collection_t *collection;
+   mongoc_cursor_t *cursor;
+   bson_error_t error;
+
+   client = test_framework_client_new ();
+   collection = mongoc_client_get_collection (client, "test", "test");
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson (NULL), tmp_bson ("{'projection': {'': 1}}"), NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Cannot use empty keys in 'opts'.");
+
+   mongoc_cursor_destroy (cursor);
+
+   cursor = mongoc_collection_find_with_opts (
+      collection, tmp_bson (NULL), tmp_bson ("{'$invalid': 1}"), NULL);
+
+   ASSERT (cursor);
+   ASSERT (mongoc_cursor_error (cursor, &error));
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_CURSOR,
+                          MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                          "Cannot use $-modifiers in 'opts'.");
+
+   mongoc_cursor_destroy (cursor);
+
+   mongoc_collection_destroy (collection);
+   mongoc_client_destroy (client);
+}
+
+
 static void
 test_cursor_new_static (void)
 {
@@ -1592,6 +1660,10 @@ test_cursor_install (TestSuite *suite)
                       NULL,
                       test_framework_skip_if_max_wire_version_less_than_4);
    TestSuite_AddLive (suite, "/Cursor/new_invalid", test_cursor_new_invalid);
+   TestSuite_AddLive (
+      suite, "/Cursor/new_invalid_filter", test_cursor_new_invalid_filter);
+   TestSuite_AddLive (
+      suite, "/Cursor/new_invalid_opts", test_cursor_new_invalid_opts);
    TestSuite_AddLive (suite, "/Cursor/new_static", test_cursor_new_static);
    TestSuite_AddLive (suite, "/Cursor/hint/errors", test_cursor_hint_errors);
    TestSuite_Add (

Original file line number	Diff line number	Diff line change
`@@ -229,6 +229,9 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`229`	`229`	`cursor->client = client;`
`230`	`230`	`cursor->is_command = is_command ? 1 : 0;`
`231`	`231`
	`232`	`+ bson_init (&cursor->filter);`
	`233`	`+ bson_init (&cursor->opts);`
	`234`	`+`
`232`	`235`	`if (filter) {`
`233`	`236`	`if (!bson_validate (filter, BSON_VALIDATE_EMPTY_KEYS, NULL)) {`
`234`	`237`	`MARK_FAILED (cursor);`
`@@ -239,9 +242,8 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`239`	`242`	`GOTO (finish);`
`240`	`243`	`}`
`241`	`244`
	`245`	`+ bson_destroy (&cursor->filter);`
`242`	`246`	`bson_copy_to (filter, &cursor->filter);`
`243`		`- } else {`
`244`		`- bson_init (&cursor->filter);`
`245`	`247`	`}`
`246`	`248`
`247`	`249`	`if (opts) {`
`@@ -263,7 +265,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`263`	`265`	`GOTO (finish);`
`264`	`266`	`}`
`265`	`267`
`266`		`- bson_init (&cursor->opts);`
`267`	`268`	`bson_copy_to_excluding_noinit (opts, &cursor->opts, "serverId", NULL);`
`268`	`269`
`269`	`270`	`/* true if there's a valid serverId or no serverId, false on err */`
`@@ -279,8 +280,6 @@ _mongoc_cursor_new_with_opts (mongoc_client_t *client,`
`279`	`280`	`if (server_id) {`
`280`	`281`	`mongoc_cursor_set_hint (cursor, server_id);`
`281`	`282`	`}`
`282`		`- } else {`
`283`		`- bson_init (&cursor->opts);`
`284`	`283`	`}`
`285`	`284`
`286`	`285`	`cursor->read_prefs = read_prefs`