Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.2.0-rc0
Affects Version/s: 3.3.12
Component/s: Stability
Labels:
- query-44-grooming

Assigned Teams:

Query Optimization
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Currently, almost all commands use BSONElement::numberLong or BSONElement::numberInt to parse user input for fields that expect a number. This results in undefined behavior when the input is outside the range of a valid integer type.

User-facing commands should use BSONElement::safeNumberLong instead. See the geoNear command as an example.

is depended on by

SERVER-25188 Add non-debug UBSan variant for jstestfuzz tasks

Closed

is related to

SERVER-41024 safeInt32 and safeInt64 IDL types are not safe for all numerical inputs, results in UB

Closed

SERVER-56516 Fix undefined behaviour in parsing code for $slice projectional operator

Closed

SERVER-57118 Unify query operators argument validation

Backlog

related to

SERVER-12813 Overflow when converting double values in user input to long long values

Open

SERVER-68309 Investigate for unsafe narrowing conversions

Closed

SERVER-68705 Refactor BSONElement API to avoid unsafe implicit type conversion

Backlog

(2 related to)

Assignee:: Nicholas Zolnierz
Reporter:: Robert Guo (Inactive)
Participants:: Githook User, Nicholas Zolnierz, Robert Guo
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: Sep 16 2016 08:33:15 PM UTC
Updated:: Apr 10 2025 03:15:58 AM UTC
Resolved:: Mar 27 2025 06:49:12 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates