- Type: Bug
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: JavaScript
- Fully Compatible
- ALL
- Platforms 11 (03/11/16)
If the double value cast here is not representable as an integer, the behavior is undefined.
See https://www.securecoding.cert.org/confluence/display/c/FLP34-C.+Ensure+that+floating-point+conversions+are+within+range+of+the+new+type for additional details.
The relevant undefined behavior sanitizer stack trace is:
[js_test:bulk_insert] 2016-02-17T11:39:27.140-0500 (/home/andrew/Documents/10gen/dev/src/mongodb/mongo+0x99eb81): runtime error: value 1.45573e+12 is outside the range of representable values of type 'int'
[js_test:bulk_insert] 2016-02-17T11:39:27.142-0500 #0 0xbdaf6c in mongo::mozjs::ValueWriter::writeThis(mongo::BSONObjBuilder*, mongo::StringData, mongo::mozjs::LifetimeStack<mongo::mozjs::ObjectWrapper::WriteFieldRecursionFrame, 150ul>*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/valuewriter.cpp:207:39
[js_test:bulk_insert] 2016-02-17T11:39:27.143-0500 #1 0xbc87c9 in mongo::mozjs::ObjectWrapper::_writeField(mongo::BSONObjBuilder*, mongo::mozjs::ObjectWrapper::Key, mongo::mozjs::LifetimeStack<mongo::mozjs::ObjectWrapper::WriteFieldRecursionFrame, 150ul>*, mongo::BSONObj*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/objectwrapper.cpp:568:5
[js_test:bulk_insert] 2016-02-17T11:39:27.143-0500 #2 0xbc8216 in mongo::mozjs::ObjectWrapper::toBSON() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/objectwrapper.cpp:522:13
[js_test:bulk_insert] 2016-02-17T11:39:27.143-0500 #3 0xbc0192 in mongo::mozjs::NativeFunctionInfo::call(JSContext*, JS::CallArgs) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/nativefunction.cpp:85:33
[js_test:bulk_insert] 2016-02-17T11:39:27.146-0500 #4 0xbaa550 in bool mongo::mozjs::smUtils::call<mongo::mozjs::NativeFunctionInfo>(JSContext*, unsigned int, JS::Value*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/wraptype.h:117:9
[js_test:bulk_insert] 2016-02-17T11:39:27.164-0500 #5 0xfcad7f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/jscntxtinlines.h:226:15
[js_test:bulk_insert] 2016-02-17T11:39:27.164-0500 #6 0xf6b64a in js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/vm/Interpreter.cpp:491:16
[js_test:bulk_insert] 2016-02-17T11:39:27.165-0500 #7 0xf852c2 in Interpret(JSContext*, js::RunState&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/vm/Interpreter.cpp:2602:18
[js_test:bulk_insert] 2016-02-17T11:39:27.166-0500 #8 0xf7a19c in js::RunScript(JSContext*, js::RunState&) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/vm/Interpreter.cpp:448:12
[js_test:bulk_insert] 2016-02-17T11:39:27.167-0500 #9 0xf8efec in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/vm/Interpreter.cpp:654:15
[js_test:bulk_insert] 2016-02-17T11:39:27.167-0500 #10 0xf8f343 in js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/vm/Interpreter.cpp:690:12
[js_test:bulk_insert] 2016-02-17T11:39:27.180-0500 #11 0x14452fc in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Value*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/mozjs-38/extract/js/src/jsapi.cpp:3994:12
[js_test:bulk_insert] 2016-02-17T11:39:27.180-0500 #12 0xb9d1cf in mongo::mozjs::MozJSImplScope::exec(mongo::StringData, std::string const&, bool, bool, bool, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/implscope.cpp:637:15
[js_test:bulk_insert] 2016-02-17T11:39:27.181-0500 #13 0xbd0eed in mongo::mozjs::MozJSProxyScope::exec(mongo::StringData, std::string const&, bool, bool, bool, int)::$_26::operator()() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/proxyscope.cpp:223:15
[js_test:bulk_insert] 2016-02-17T11:39:27.181-0500 #14 0xbcaea2 in mongo::mozjs::MozJSProxyScope::implThread(void*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/proxyscope.cpp:348:13
[js_test:bulk_insert] 2016-02-17T11:39:27.182-0500 #15 0xb77e81 in nspr::Thread::ThreadRoutine(void*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/scripting/mozjs/PosixNSPR.cpp:56:5
[js_test:bulk_insert] 2016-02-17T11:39:27.187-0500 #16 0x7f445017d02f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb902f)
[js_test:bulk_insert] 2016-02-17T11:39:27.191-0500 #17 0x7f444fead6a9 in start_thread /build/buildd/glibc-2.21/nptl/pthread_create.c:333
[js_test:bulk_insert] 2016-02-17T11:39:27.221-0500 #18 0x7f444f9cbeec in clone /build/buildd/glibc-2.21/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[js_test:bulk_insert] 2016-02-17T11:39:27.221-0500
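A range-checked double-to-integer conversion in the style FLP34-C recommends, exercised with the value from the sanitizer report. This is an added example, not code from the ticket or from MongoDB's fix; `checkedDoubleToInt` and the wrapper names are hypothetical, and it generalizes from `int` to any signed integer type.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Hypothetical helper (not MongoDB's code): FLP34-C style checked conversion.
// Returns false instead of invoking undefined behaviour when d is out of range.
template <typename Int>
bool checkedDoubleToInt(double d, Int* out) {
    static_assert(std::is_integral<Int>::value && std::is_signed<Int>::value,
                  "signed integer target expected");
    // 2^31 or 2^63: a power of two, so exactly representable as a double.
    const double limit = std::ldexp(1.0, std::numeric_limits<Int>::digits);
    const double t = std::trunc(d);  // the value a cast would yield
    // NaN fails both comparisons; +/-infinity fails one of them.
    if (!(t >= -limit && t < limit)) return false;
    *out = static_cast<Int>(t);
    return true;
}

// Small wrappers that return values, convenient for callers and assertions.
bool fitsInt32(double d) { std::int32_t v; return checkedDoubleToInt(d, &v); }
bool fitsInt64(double d) { std::int64_t v; return checkedDoubleToInt(d, &v); }

std::int64_t toInt64Or(double d, std::int64_t fallback) {
    std::int64_t v;
    return checkedDoubleToInt(d, &v) ? v : fallback;
}

std::int32_t toInt32Or(double d, std::int32_t fallback) {
    std::int32_t v;
    return checkedDoubleToInt(d, &v) ? v : fallback;
}

int main() {
    const double fromTrace = 1.45573e+12;  // value reported by the sanitizer
    std::printf("fits int32: %d\n", fitsInt32(fromTrace));
    std::printf("fits int64: %d\n", fitsInt64(fromTrace));
    std::printf("as int64:   %lld\n",
                static_cast<long long>(toInt64Or(fromTrace, -1)));
    return 0;
}
```

Comparing against `INT_MAX` converted to `double` is only safe for 32-bit targets; for 64-bit targets `INT64_MAX` rounds up to 2^63 as a double, which is why the check uses the exact power-of-two bound with a strict `<`.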