Core Server / SERVER-56513

Numeric index key patterns can be outside the range of representable values of type 'int'

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.0.0-rc0
    • Affects Version/s: 4.4.5
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • ALL
    • Run the following with the undefined behaviour sanitizer in jstests/core/

      (function() {
      "use strict";
      
      const coll = db.int_key_pattern;
      coll.drop();
      
      assert.commandWorked(db.createCollection(coll.getName()));
      assert.commandWorked(coll.insert({x: 1, y: "foo", z: 1}));
      
      coll.createIndex({_id: 1.8446744073709552e+19});
      coll.createIndex({_id: -1.8446744073709552e+19});
      coll.createIndex({x: 1.8446744073709552e+19});
      coll.createIndex({x: -1.8446744073709552e+19});
      coll.createIndex({y: 'text', z: 4294967296});
      coll.createIndex({y: 'text', z: -4294967296});
      }());
      
    • Execution Team 2021-05-17
    • 168

      The undefined behaviour sanitizer was trying to create indexes with numeric key patterns outside the range of representable values of 'int'. The input wasn't rejected by the createIndexes command and code at later points called BSONElement::numberInt() assuming it's safe.

      Here are two spots that UBSan found, but there may be more:

      1. IndexDescriptor
      2. FTSSpec

      I've verified that this behaviour already exists on v4.4, so the solution will need to be cautious as index specifications with these patterns can already be stored durably.
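The following is an added example, not MongoDB source and not the fix applied for this ticket. It shows two ways to handle a numeric key pattern value before it is narrowed to `int`: strict rejection for new input, and clamping for specifications that are already stored durably. The helper names `checkedToInt` and `saturatingToInt` are hypothetical, and a 32-bit `int` is assumed.

```cpp
#include <cmath>
#include <limits>

// Added illustration; helper names are hypothetical, not MongoDB APIs.
// Converting a double to int is undefined behaviour in C++ when the
// truncated value does not fit in int, which is what UBSan reports for
// values such as 1.8446744073709552e+19 or 4294967296.

// Assumes a 32-bit int, so both bounds are exactly representable as double.
static const double kIntMin = static_cast<double>(std::numeric_limits<int>::min());
static const double kIntMax = static_cast<double>(std::numeric_limits<int>::max());

// Strict policy for new input (for example, validating a createIndexes
// request): succeed only when the truncated value is representable as int.
bool checkedToInt(double v, int* out) {
    const double t = std::trunc(v);
    // Written so that NaN fails both comparisons and is rejected.
    if (!(t >= kIntMin && t <= kIntMax)) {
        return false;
    }
    *out = static_cast<int>(t);  // well defined: t is within int range
    return true;
}

// Tolerant policy for specs that already exist on disk: never fail, clamp
// to the nearest representable int. Mapping NaN to 0 is an assumption of
// this example.
int saturatingToInt(double v) {
    if (std::isnan(v)) {
        return 0;
    }
    if (v <= kIntMin) {
        return std::numeric_limits<int>::min();
    }
    if (v >= kIntMax) {
        return std::numeric_limits<int>::max();
    }
    return static_cast<int>(v);  // well defined: v is strictly inside the range
}
```
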

            Assignee:
            benety.goh@mongodb.com Benety Goh
            Reporter:
            gregory.wlodarek@mongodb.com Gregory Wlodarek
            Votes:
            0
            Watchers:
            5
