Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31623

MatcherTypeSet::parseSingleType() should not cast large doubles to integer

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.0-rc1
    • Affects Version/s: None
    • Component/s: Internal Code
    • None
    • Fully Compatible
    • ALL
    • Query 2017-10-23, Query 2017-11-13
    • 0

      MatcherTypeSet verifies that a numeric BSONElement has an integral value by casting the value to int via BSONElement::numberLong() and then comparing this value with BSONElement::number().

      However, calling BSONElement::numberInt() is undefined behavior if the value being cast is outside the representable range of int. We should do something else that checks the value of the double before casting to avoid the undefined behavior.

      The undefined behavior was introduced in a test case as part of SERVER-30157.

            Assignee:
            kyle.suarez@mongodb.com Kyle Suarez
            Reporter:
            kyle.suarez@mongodb.com Kyle Suarez
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: