[SERVER-31623] MatcherTypeSet::parseSingleType() should not cast large doubles to integer - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.6.0-rc1
Component/s: Internal Code
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Query 2017-10-23, Query 2017-11-13
Linked BF Score:
0

Description

MatcherTypeSet verifies that a numeric BSONElement has an integral value by casting the value to int via BSONElement::numberLong() and then comparing this value with BSONElement::number().

However, calling BSONElement::numberInt() is undefined behavior if the value being cast is outside the representable range of int. We should do something else that checks the value of the double before casting to avoid the undefined behavior.

The undefined behavior was introduced in a test case as part of ~~SERVER-30157~~.

Attachments

Issue Links

is caused by

SERVER-30157 $type parsing should reject non-integral type codes

Closed

Activity

People

Assignee:: Kyle Suarez

Reporter:: Kyle Suarez

Participants:: Githook User, Kyle Suarez

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Oct 18 2017 06:23:30 PM UTC

Updated:: Dec 06 2017 09:13:12 PM UTC

Resolved:: Oct 23 2017 09:43:10 PM UTC