From a0db9321139e8da657638ddbe7e86d8bac9ea3cc Mon Sep 17 00:00:00 2001
From: Mathias Stearn <mathias@10gen.com>
Date: Tue, 17 Feb 2015 12:40:39 -0500
Subject: SERVER-17224 Reserve room for EOO byte when starting BSONObj building

Since _done() is called from ~BSONObjBuilder we need to ensure that it cannot
fail. This prevents a double exception leading to a std::terminate call.

This also resolves SERVER-17226.
---
 jstests/aggregation/bugs/server17224.js | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 jstests/aggregation/bugs/server17224.js

(limited to 'jstests/aggregation/bugs/server17224.js')

diff --git a/jstests/aggregation/bugs/server17224.js b/jstests/aggregation/bugs/server17224.js
new file mode 100644
index 00000000000..33042abab53
--- /dev/null
+++ b/jstests/aggregation/bugs/server17224.js
@@ -0,0 +1,24 @@
+// SERVER-17224 An aggregation result with exactly the right size could crash the server rather than
+//              returning an error.
+(function() {
+    'use strict';
+
+    var t = db.server17224;
+    t.drop();
+
+    // first 63MB
+    for (var i = 0; i < 63; i++) {
+        t.insert({a: new Array(1024 * 1024 + 1).join('a')});
+    }
+
+    // the remaining ~1MB with room for field names and other overhead
+    t.insert({a: new Array(1024 * 1024 - 1105).join('a')});
+
+    // do not use cursor form, since it has a different workaroud for this issue.
+    assert.commandFailed(
+        db.runCommand({aggregate: t.getName(),
+                      pipeline: [{$match: {}}, {$group: {_id: null, arr: {$push: {a: '$a'}}}}]}));
+
+    // Make sure the server is still up.
+    assert.commandWorked(db.runCommand('ping'));
+}());
-- 
cgit v1.2.1