Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Critical - P2
Fix Version/s: 7.0.15, 5.0.30, 6.0.19, 8.0.2
Affects Version/s: None
Component/s: None
Labels:
- auto-reverted
- sp-bson

Assigned Teams:

Server Programmability
Backwards Compatibility:
Fully Compatible
Backport Requested:

v8.0, v7.0, v6.0, v5.0
Linked BF Score:
0
Confidence Status:
None
Work Order:
0
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Currently there are places where we pass field names around using StringData, such as in the BSONObj::getField method, where there is a potential for the passed string to contain an embedded '\0' character. Inserting this in a BSON object would lead to structurally corrupt BSON data and undefined behavior.

While currently there are no known issues of this happening, it is a risk that can and should be mitigated by using a new type for strings that are valid for use as a field name.

is related to

SERVER-94955 Add more testing for $getField

Closed

related to

SERVER-95748 createRegex() in bsoncolumn_builder_fuzzer.cpp test code needs work

Closed

Assignee:: Mathias Stearn
Reporter:: Geert Bosch
Participants:: Geert Bosch, Githook User, Mathias Stearn
Votes:: 0 Vote for this issue
Watchers:: 17 Start watching this issue

Created:: Sep 26 2024 02:43:23 PM UTC
Updated:: Mar 26 2025 02:38:34 PM UTC
Resolved:: Oct 17 2024 05:44:20 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates