Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-26148

Commands should convert integers from user input safely

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • 3.3.12
    • Stability
    • Query Optimization
    • ALL

    Description

      Currently, almost all commands use BSONElement::numberLong or BSONElement::numberInt to parse user input for fields that expect a number. This results in undefined behavior when the input is outside the range of a valid integer type.

      User-facing commands should use BSONElement::safeNumberLong instead. See the geoNear command as an example.

      Attachments

        Activity

          People

            backlog-query-optimization Backlog - Query Optimization
            robert.guo@mongodb.com Robert Guo (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: