Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-56516

Fix undefined behaviour in parsing code for $slice projectional operator

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.4.7, 5.0.0-rc2, 4.2.16, 4.0.27
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Fully Compatible
    • ALL
    • v5.0, v4.4, v4.2, v4.0
    • Query Execution 2021-05-03, Query Execution 2021-05-17, Query Execution 2021-05-31, Query Execution 2021-06-14, Query Execution 2021-06-28
    • 128

      attemptToParseFindSlice uses BSONElement::numberInt to extract $slice value from BSON here. If BSONElement contains double NaN, +inf or -inf values, this method still converts it to int type here. This is undefined behaviour and is caught by UBSAN.

            Assignee:
            nikita.lapkov@mongodb.com Nikita Lapkov (Inactive)
            Reporter:
            nikita.lapkov@mongodb.com Nikita Lapkov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: