Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.3.8
Affects Version/s: None
Component/s: Index Maintenance
Labels:
- undefined-sanitizer

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

Run jstests/core/geo_s2indexversion1.js under UBSAN

Show
Run jstests/core/geo_s2indexversion1.js under UBSAN
Sprint:
Platforms 15 (06/03/16)
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

The S2AccessMethod::fixSpec method unconditionally extracts the field 2dsphereIndexVersion and then treats it as a number, even though it may contain non-normal values like Inf or Nan, potentially eliciting undefined behavior. The field should be type and bounds checked before being treated as a valid integer.

Assignee:: Andrew Morrow (Inactive)
Reporter:: Andrew Morrow (Inactive)
Participants:: Andrew Morrow, Githook User
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: May 16 2016 02:52:12 PM UTC
Updated:: Jun 06 2016 09:16:24 PM UTC
Resolved:: May 16 2016 08:46:09 PM UTC
Confidence Status Last Update:: 16/May/16 4:35 PM

Details

Description

Attachments

Forms

Activity

People

Dates