- Type: Improvement
- Resolution: Unresolved
- Priority: Minor - P4
- Affects Version/s: 1.6.0
- Component/s: libmongoc

mongoc_topology_new() reads the "localThresholdMS" URI option as an int32_t and assigns it to an int64_t struct field.
From there, it passes the value as an int64_t to mongoc_topology_description_select(). That int64_t is then passed as a size_t to mongoc_topology_description_suitable_servers(), which may also call _mongoc_try_mode_secondary() (which also accepts a size_t).
There seem to be two issues with this:
- A negative "localThresholdMS" option parsed as a signed int32_t would be converted to a negative, signed int64_t value and then possibly to a very large unsigned size_t.
- On a 32-bit system, an int64_t is being assigned to a possibly 32-bit size_t. Aside from a possible compiler warning, this might also lead to an unexpected assignment of a negative 64-bit value to an unsigned 32-bit value. I'm uncertain if the sign bit would simply be ignored, etc.
The server selection spec does not outline a maximum value for "localThresholdMS", so I presume that is left to implementations. In that event, it might be reasonable to limit it to the maximum value of a signed 32-bit integer and always store it as a size_t after mongoc_topology_new() parses the URI option.
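
The conversion chain described above, reproduced as an added example (not libmongoc code): `uint64_t` and `uint32_t` stand in for `size_t` on 64-bit and 32-bit targets, and `parse_local_threshold()` is a hypothetical helper that applies the bound proposed in this ticket.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* int32_t URI option -> int64_t struct field -> 64-bit size_t argument. */
static uint64_t as_size_t_64(int32_t uri_value)
{
    int64_t field = uri_value;   /* sign-extended: still negative */
    return (uint64_t) field;     /* C converts modulo 2^64 */
}

/* int64_t struct field -> 32-bit size_t argument. */
static uint32_t as_size_t_32(int64_t field)
{
    return (uint32_t) field;     /* C converts modulo 2^32: high bits dropped */
}

/* Hypothetical validation: reject negatives and cap at INT32_MAX so the
   value fits a size_t on every target before it is stored. */
static bool parse_local_threshold(int64_t raw, size_t *out)
{
    if (raw < 0 || raw > INT32_MAX) {
        return false;
    }
    *out = (size_t) raw;
    return true;
}

int main(void)
{
    size_t ms = 0;
    /* -15 is a constructed sample value for the URI option. */
    printf("64-bit size_t: %" PRIu64 "\n", as_size_t_64(-15));
    printf("32-bit size_t: %" PRIu32 "\n", as_size_t_32(-15));
    printf("validated(-15): %s\n",
           parse_local_threshold(-15, &ms) ? "accepted" : "rejected");
    printf("validated(15):  %s\n",
           parse_local_threshold(15, &ms) ? "accepted" : "rejected");
    return 0;
}
```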
- related to: CDRIVER-2060 localThresholdMS is not validated as a non-negative value (Closed)