From f900090584b6fa2e36aee754751d86b09e77431b Mon Sep 17 00:00:00 2001
From: jsteemann
Date: Thu, 19 Nov 2015 00:16:00 +0100
Subject: [PATCH] fixed undefined behavior
---
 CHANGELOG | 3 +++
 arangod/Aql/Expression.cpp | 8 ++++----
 arangod/Aql/Expression.h | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 68b894bdc3..ae009594ab 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -103,6 +103,9 @@ v2.8.0 (XXXX-XX-XX)
 v2.7.2 (XXXX-XX-XX)
 -------------------
+* fixed undefined behavior when accessing the top level of a document with the `[*]`
+ operator
+
 * fixed potentially invalid pointer access in shaper when the currently accessed document got re-located by the WAL collector at the very same time
diff --git a/arangod/Aql/Expression.cpp b/arangod/Aql/Expression.cpp
index 9665183861..9e8764295b 100644
--- a/arangod/Aql/Expression.cpp
+++ b/arangod/Aql/Expression.cpp
@@ -529,7 +529,7 @@ AqlValue Expression::executeSimpleExpression (AstNode const* node,
 case NODE_TYPE_EXPANSION:
 return executeSimpleExpressionExpansion(node, trx, argv, startPos, vars, regs);
 case NODE_TYPE_ITERATOR:
- return executeSimpleExpressionIterator(node, trx, argv, startPos, vars, regs);
+ return executeSimpleExpressionIterator(node, collection, trx, argv, startPos, vars, regs);
 case NODE_TYPE_OPERATOR_BINARY_PLUS:
 case NODE_TYPE_OPERATOR_BINARY_MINUS:
 case NODE_TYPE_OPERATOR_BINARY_TIMES:
@@ -1290,6 +1290,7 @@ AqlValue Expression::executeSimpleExpressionExpansion (AstNode const* node,
 ////////////////////////////////////////////////////////////////////////////////
 AqlValue Expression::executeSimpleExpressionIterator (AstNode const* node,
+ TRI_document_collection_t const** collection,
 triagens::arango::AqlTransaction* trx,
 AqlItemBlock const* argv,
 size_t startPos,
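Review bot: The `collection` parameter added to the executeSimpleExpressionIterator signature is an out-parameter, and nothing visible in this hunk says so; the comment block above the signature lies outside the hunk, and the matching declaration in Expression.h leaves the parameter unnamed. A line such as `/// @param collection out-parameter, reset to nullptr on entry and then passed on to the nested executeSimpleExpression call` would record the contract this fix depends on. The function body continues in the next hunk.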
@@ -1298,9 +1299,8 @@ AqlValue Expression::executeSimpleExpressionIterator (AstNode const* node,
 TRI_ASSERT(node != nullptr);
 TRI_ASSERT(node->numMembers() == 2);
- // intentionally do not stringify node 0
- TRI_document_collection_t const* myCollection = nullptr;
- return executeSimpleExpression(node->getMember(1), &myCollection, trx, argv, startPos, vars, regs, true);
+ *collection = nullptr;
+ return executeSimpleExpression(node->getMember(1), collection, trx, argv, startPos, vars, regs, true);
 }
 ////////////////////////////////////////////////////////////////////////////////
diff --git a/arangod/Aql/Expression.h b/arangod/Aql/Expression.h
index c76fe8cced..21f0de7c6f 100644
--- a/arangod/Aql/Expression.h
+++ b/arangod/Aql/Expression.h
@@ -485,6 +485,7 @@ namespace triagens {
 ////////////////////////////////////////////////////////////////////////////////
 AqlValue executeSimpleExpressionIterator (AstNode const*,
+ TRI_document_collection_t const**,
 triagens::arango::AqlTransaction*,
 AqlItemBlock const*,
 size_t,
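Review bot: `*collection = nullptr;` in the body of Expression::executeSimpleExpressionIterator (the `@@ -1298,9 +1299,8 @@` hunk of Expression.cpp) writes through the new out-parameter unchecked, while the two assertions above it only cover `node`. The NODE_TYPE_ITERATOR branch of executeSimpleExpression now forwards its own `collection` argument unchanged, so if any caller passes a null pointer there, this line becomes a null write where the old code used a local. Adding `TRI_ASSERT(collection != nullptr);` next to the existing assertions would make the precondition explicit. The removed comment `// intentionally do not stringify node 0` still describes the code, which only evaluates `getMember(1)`, and is worth keeping. The function's signature starts outside this hunk.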