Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36926

Undefined behavior from signed overflow in cursor manager, can result in mongos invariant failure

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.0, v3.6
    • Sprint:
      Query 2018-10-08
    • Case:

      Description

      David Storch pointed this out while we were reading some code at my desk:

      The call to std::abs(_pseudoRandom.nextInt32()) here could result in undefined behavior if _pseudoRandom.nextInt32() returns MIN_INT. Most compilers will probably do something reasonable in this situation. Many will probably just return MIN_INT, meaning that it's possible to get a negative cursor id.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ted.tuckman Ted Tuckman
              Reporter:
              ian.boros Ian Boros
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: