Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-68309

Investigate for unsafe narrowing conversions

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Done
    • None
    • None
    • None
    • None
    • Execution Team 2022-08-08, Execution Team 2022-08-22
    • 138

    Description

      BSONElement methods numberLong and  numberInt are used in dozens of places in the codebase, but it's not clear a priori which uses might actually be problematic. If used on a NumberDouble with a NaN value, they simply cast to the desired type, and this can result in undefined behavior that differs depending on the platform. If we know that the type of element is the matching type, then we can safely use these methods to extract it. In many cases, this holds, either where we've already checked the type explicitly, or we know that we constructed this value to be a specific type because it's for internal use and we have a schema for these documents. But in some cases, we probably are just using these methods mistakenly to deal with input of unknown type, when we should be checking the type explicitly.

      We are already aware of some issues (e.g. SERVER-68359), but more problematic uses could still be lingering, and we should audit the codebase.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-26148 Commands should convert integers from user input safely

          • Major - P3 - Major loss of function.
          • Backlog
          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68740 Non-default-seeded hashed indexes not working correctly since 2.6

          • Major - P3 - Major loss of function.
          • Backlog

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68796 Shard key index selection may ignore non-default hash seed

          • Major - P3 - Major loss of function.
          • Backlog

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68922 $natural parser should be stricter (reject NaN, etc)

          • Major - P3 - Major loss of function.
          • In Code Review

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68714 NaN issues in secure random number generator in mongo shell

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68715 NaN issues in Check/Wait pid in mongoshell

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68716 Fix undefined behavior in mongo::queryable::listDirectory

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68781 Check value of hidden maxChunkSizeBytes

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68836 Properly handle NaN and 0 in for LDAPTimeoutMS

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68838 Explicitly check for NaN when setting log verbosities

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68842 Passing in w: NaN for write concern is interpreted as w: 0

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-68920 Haystack geoSearch accepts NaN for 'limit' and 'maxDistance'

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-69008 Narrowing conversion of size parameter for cloneCollectionAsCapped

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-69009 Narrowing conversion of timestamp components in mozjs valuewriter

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-69036 Cluster dbStats command rounds prematurely

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. SERVER-68741 Remove code handling the non-default seed for hashed indexes

          • Major - P3 - Major loss of function.
          • Backlog

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-68705 Refactor BSONElement API to avoid unsafe implicit type conversion

          • Major - P3 - Major loss of function.
          • Backlog

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-68720 Safely parse minWireVersion and maxWireVersion in initWireVersion

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              dan.larkin-york@mongodb.com Dan Larkin-York
              dan.larkin-york@mongodb.com Dan Larkin-York
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: