Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-26148

Commands should convert integers from user input safely

    • Type: Icon: Bug Bug
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.3.12
    • Component/s: Stability
    • Query Optimization
    • ALL

      Currently, almost all commands use BSONElement::numberLong or BSONElement::numberInt to parse user input for fields that expect a number. This results in undefined behavior when the input is outside the range of a valid integer type.

      User-facing commands should use BSONElement::safeNumberLong instead. See the geoNear command as an example.

            Assignee:
            backlog-query-optimization [DO NOT USE] Backlog - Query Optimization
            Reporter:
            robert.guo@mongodb.com Robert Guo (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: