Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-56516

Fix undefined behaviour in parsing code for $slice projectional operator

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.4.7, 5.0.0-rc2, 4.2.16, 4.0.27
    • None
    • None
    • Fully Compatible
    • ALL
    • v5.0, v4.4, v4.2, v4.0
    • Query Execution 2021-05-03, Query Execution 2021-05-17, Query Execution 2021-05-31, Query Execution 2021-06-14, Query Execution 2021-06-28
    • 128

    Description

      attemptToParseFindSlice uses BSONElement::numberInt to extract $slice value from BSON here. If BSONElement contains double NaN, +inf or -inf values, this method still converts it to int type here. This is undefined behaviour and is caught by UBSAN.

      Attachments

        Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-26148 Commands should convert integers from user input safely

          • Major - P3 - Major loss of function.
          • Backlog

          Activity

            People

              nikita.lapkov@mongodb.com Nikita Lapkov (Inactive)
              nikita.lapkov@mongodb.com Nikita Lapkov (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: