Overflow when converting double values in user input to long long values

XMLWordPrintableJSON

    • Query Optimization
    • ALL
    • 0
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      If 'batchSize' argument in cursor exceeds some value, it overflows, being considered negative.

      > use foo
      switched to db foo
      > var bigArray = [];
      > for (var i = 0; i < 1000; ++i) { bigArray.push(i); }
      1000
      > var bigStr = Array(1001).toString();
      > for (var i = 0; i < 100; ++i) { db.goo.insert({_id: i, bigArray: bigArray, bigStr: bigStr})};
      WriteResult({ "nInserted" : 1 })
      > var cursor = db.runCommand({aggregate: "goo", pipeline: [{$unwind:'$bigArray'}], cursor : {batchSize : Math.pow(2, 63)}})
      > cursor
      {
      	"errmsg" : "exception: Cursor batchSize must not be negative",
      	"code" : 16957,
      	"ok" : 0
      }
      > var cursor = db.runCommand({aggregate: "goo", pipeline: [{$unwind:'$bigArray'}], cursor : {batchSize : Math.pow(2, 62)}})
      > cursor
      {
      	"cursor" : {
      		"id" : NumberLong(0),
      		"ns" : "test.goo",
      		"firstBatch" : [ ..... ] 
      	},
      	"ok" : 1
      }
      
      > print(Math.pow(2, 63))
      9223372036854776000
      

              Assignee:
              [DO NOT USE] Backlog - Query Optimization
              Reporter:
              Davide Italiano (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: