Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.3.8
Affects Version/s: None
Component/s: Index Maintenance
Labels:
- undefined-sanitizer

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

Run jstests/core/geo_s2indexversion1.js under UBSAN

Show
Run jstests/core/geo_s2indexversion1.js under UBSAN
Sprint:
Platforms 15 (06/03/16)

The S2AccessMethod::fixSpec method unconditionally extracts the field 2dsphereIndexVersion and then treats it as a number, even though it may contain non-normal values like Inf or Nan, potentially eliciting undefined behavior. The field should be type and bounds checked before being treated as a valid integer.

Assignee:: Andrew Morrow (Inactive)

Reporter:: Andrew Morrow (Inactive)

Participants:: Andrew Morrow, Githook User

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: May 16 2016 02:52:12 PM UTC

Updated:: Jun 06 2016 09:16:24 PM UTC

Resolved:: May 16 2016 08:46:09 PM UTC

Details

Description

Attachments

Activity

People

Dates