[SERVER-36926] Undefined behavior from signed overflow in cursor manager, can result in mongos invariant failure - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.1.3, 4.0.24, 3.6.24
Component/s: Querying
Labels:
- asdf
- bkp
- neweng

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0, v3.6
Sprint:
Query 2018-10-08
Case:

Description

david.storch pointed this out while we were reading some code at my desk:

The call to std::abs(_pseudoRandom.nextInt32()) here could result in undefined behavior if _pseudoRandom.nextInt32() returns MIN_INT. Most compilers will probably do something reasonable in this situation. Many will probably just return MIN_INT, meaning that it's possible to get a negative cursor id.

Attachments

Issue Links

is duplicated by

SERVER-27796 Invariant failure in cluster_cursor_manager.cpp, numDeleted == 1

Closed

Activity

People

Assignee:: Ted Tuckman

Reporter:: Ian Boros

Participants:: David Storch, Githook User, Ian Boros, Ted Tuckman

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: Aug 29 2018 07:17:36 PM UTC

Updated:: Jun 23 2021 04:54:17 PM UTC

Resolved:: Sep 10 2018 05:49:31 PM UTC