...
BugZero found this defect 2747 days ago.
A globally-managed aggregation cursor can be established even if the database over which the aggregation is issued does not exist. On a subsequent OP_GET_MORE, a check is made that the aggregation namespace is not a view (since OP_GET_MORE on views is not supported):

https://github.com/mongodb/mongo/blob/ab165e7a81e319cd7e99af3e1eed86e826fd34ba/src/mongo/db/query/find.cpp#L281-L287

However, this code incorrectly assumes that the Database object exists. If it doesn't exist, getDb() will return null, causing this line to dereference a null pointer and crash the server.

This issue was introduced during 3.5 development and does not affect any stable versions of MongoDB.
xgen-internal-githook commented on Mon, 19 Jun 2017 22:48:09 +0000:

Author: {u'username': u'dstorch', u'name': u'David Storch', u'email': u'david.storch@10gen.com'}
Message: SERVER-29711 Fix nullptr dereference in OP_GET_MORE view check.
Branch: master
https://github.com/mongodb/mongo/commit/47856e523e3d3c842f95ec277f33728130ad14dd
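The defect class described in the report, as an added example that is not MongoDB's code or the code from the commit above: a simplified model of a view check that trusts getDb(), next to a guarded form. Every type and function name other than getDb() is hypothetical, and the sample catalog is constructed.

```cpp
#include <map>
#include <set>
#include <string>

// Simplified model; every name except getDb() is hypothetical, not MongoDB's.
struct Database {
    std::set<std::string> views;  // namespaces that are views
    bool isView(const std::string& ns) const { return views.count(ns) != 0; }
};
using Catalog = std::map<std::string, Database>;

// Constructed sample: one database "app" containing one view "app.v".
const Catalog& sampleCatalog() {
    static const Catalog catalog = {{"app", Database{std::set<std::string>{"app.v"}}}};
    return catalog;
}

// Models a database lookup whose getDb() is null when the database is absent.
class DbLookup {
public:
    DbLookup(const Catalog& catalog, const std::string& dbName) {
        auto it = catalog.find(dbName);
        _db = (it == catalog.end()) ? nullptr : &it->second;
    }
    const Database* getDb() const { return _db; }
private:
    const Database* _db = nullptr;
};

enum class GetMoreCheck { kOk, kNotSupportedOnView };

// Pattern from the report: assumes the Database exists, so a null getDb()
// is dereferenced (undefined behaviour, a crash in practice). Shown only.
GetMoreCheck checkViewUnsafe(const DbLookup& lookup, const std::string& ns) {
    return lookup.getDb()->isView(ns) ? GetMoreCheck::kNotSupportedOnView : GetMoreCheck::kOk;
}

// Guarded form: a database that does not exist cannot hold a view.
GetMoreCheck checkViewSafe(const DbLookup& lookup, const std::string& ns) {
    const Database* db = lookup.getDb();
    if (db != nullptr && db->isView(ns)) return GetMoreCheck::kNotSupportedOnView;
    return GetMoreCheck::kOk;
}

int main() {
    // The missing database "ghost" must pass the view check without crashing.
    return checkViewSafe(DbLookup(sampleCatalog(), "ghost"), "ghost.c") == GetMoreCheck::kOk ? 0 : 1;
}
```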