Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.4.7, 5.0.0-rc2, 4.2.16, 4.0.27
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v5.0, v4.4, v4.2, v4.0
Sprint:
Query Execution 2021-05-03, Query Execution 2021-05-17, Query Execution 2021-05-31, Query Execution 2021-06-14, Query Execution 2021-06-28
Linked BF Score:
128
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

attemptToParseFindSlice uses BSONElement::numberInt to extract $slice value from BSON here. If BSONElement contains double NaN, +inf or -inf values, this method still converts it to int type here. This is undefined behaviour and is caught by UBSAN.

related to

SERVER-26148 Commands should convert integers from user input safely

Closed

Assignee:: Nikita Lapkov (Inactive)
Reporter:: Nikita Lapkov (Inactive)
Participants:: Githook User, Nikita Lapkov
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Apr 30 2021 03:53:08 PM UTC
Updated:: Oct 29 2023 09:54:13 PM UTC
Resolved:: Jun 11 2021 04:12:25 PM UTC
Confidence Status Last Update:: 14/May/21 10:36 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates