BSON-Ext complete crash when object has a "toString" key

Hey there!
We ran into this issue the other day where some objects we were trying to serialize with BSON-EXT (mongodb-js/bson-ext on GitHub, the C++ BSON parser for the Node.js MongoDB driver) could not be serialized and would crash hard. This error cannot be caught in node and killed our entire process :boom: :cry:.

node: ../src/bson.h:60: v8::Local<T> Unmaybe(Nan::MaybeLocal<T>) [with T = v8::String; Nan::MaybeLocal<T> = v8::MaybeLocal<v8::String>]: Assertion `!h.IsEmpty()' failed.
Aborted (core dumped)

We isolated this issue to the object having a toString key and wrote a cleaning function that strips it (and other similar keys) before trying to serialize with BSON-EXT. In short, our solution can be summarized as:

test('strips unwelcomed properties', () => {
  const serializedOBJ = `{
    "__id": "100",
    "toString": "nope!",
    "prototype": { "valueOf": "void" },
    "_bsontype": "crasher",
    "details": {
      "__proto__": "be gone!",
      "toString": "no bueno!",
      "valid": "true",
      "arr": [
        {
          "constructor": "will this work?",
          "hello": "world",
          "toString": "why?"
        }
      ]
    }
  }`;

  const expected = {
    __id: '100',
    details: {
      valid: 'true',
      arr: [
        {
          hello: 'world'
        }
      ]
    }
  };

  expect(safeJSONParser(serializedOBJ)).toEqual(expected);
});

We believe this is related to this: "Adding bson-ext breaks parse-server test suite" (Issue #59, mongodb-js/bson-ext on GitHub).

While we can live with this solution, we’re wondering if there’s any interest in solving this at the library level instead so it doesn’t bite more teams.

Thanks!
Antoine
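
A sanitizer of the kind the post describes, as an added example that is not part of the original post and is not the poster's `safeJSONParser`. The deny list, the function names and the `$`-rooted path format are assumptions; the input is the JSON from the test above.

```javascript
// Assumed deny list: the keys the post's test strips, plus valueOf (an addition here).
const UNSAFE_KEYS = new Set([
  '__proto__', 'constructor', 'prototype', 'toString', 'valueOf', '_bsontype',
]);

// Deep-copy JSON-derived data, omitting UNSAFE_KEYS at every depth.
// The path of each dropped key is pushed onto `stripped` so it can be logged.
function stripUnsafeKeys(value, stripped, path) {
  if (Array.isArray(value)) {
    return value.map((item, i) => stripUnsafeKeys(item, stripped, `${path}[${i}]`));
  }
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (UNSAFE_KEYS.has(key)) {
      stripped.push(`${path}.${key}`);
      continue; // skip the whole subtree under a denied key
    }
    clean[key] = stripUnsafeKeys(value[key], stripped, `${path}.${key}`);
  }
  return clean;
}

// Hypothetical helper: parse untrusted JSON text, then sanitize it before
// the result is handed to a BSON serializer.
function parseAndStrip(text) {
  const stripped = [];
  const value = stripUnsafeKeys(JSON.parse(text), stripped, '$');
  return { value, stripped };
}

// Input: the JSON from the test in the post, condensed.
const SAMPLE = `{
  "__id": "100", "toString": "nope!", "prototype": { "valueOf": "void" },
  "_bsontype": "crasher",
  "details": { "__proto__": "be gone!", "toString": "no bueno!", "valid": "true",
    "arr": [ { "constructor": "will this work?", "hello": "world", "toString": "why?" } ] }
}`;

const result = parseAndStrip(SAMPLE);
console.log(JSON.stringify(result.value));
console.log('stripped:', result.stripped.join(', '));
```

The copy only handles plain JSON data; objects such as `Date` or driver BSON types would lose their type and need separate handling.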

Thanks for the report. We currently have a JIRA ticket to track a fix for this: https://jira.mongodb.org/browse/NODE-3375 which would be prioritised to be addressed in the upcoming weeks.
