[CDRIVER-2059] Topology component uses signed and unsigned types for localThresholdMS Created: 16/Feb/17  Updated: 22/Jan/24

Status: Backlog
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.6.0
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Jeremy Mikola Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CDRIVER-2060 localThresholdMS is not validated as ... Closed

Description

mongoc_topology_new() selects the "localThresholdMS" URI option as an int32_t, where it is assigned to an int64_t in the struct field.

From there, it passes the value as an int64_t to mongoc_topology_description_select(). That int64_t is then passed as a size_t to mongoc_topology_description_suitable_servers(), which may also call _mongoc_try_mode_secondary() (also accepting a size_t).

There seem to be two issues with this:

  • A negative "localThresholdMS" option parsed as a signed int32_t would be converted to a negative, signed int64_t value and possibly a very large unsigned size_t.
  • On a 32-bit system, an int64_t is being assigned to a possibly 32-bit size_t. Aside from a possible compiler warning, this might also lead to an unexpected assignment of a negative 64-bit value to an unsigned 32-bit value. I'm uncertain if the sign bit would simply be ignored, etc.

The server selection spec does not outline a maximum value for "localThresholdMS", so I presume that is left to implementations. In that event, it might be reasonable to limit it to the maximum value of a signed 32-bit integer and always store it as a size_t after mongoc_topology_new() parses the URI option.
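The conversion chain described in this issue, as an added example that is not libmongoc code: it shows what a negative value becomes after the int32_t to int64_t to size_t steps, and one way to validate it once at parse time. The function names and sample values are hypothetical, and the validation assumes size_t is at least 32 bits wide.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the chain in the report: option read as int32_t,
 * stored in an int64_t field, then handed to a callee that takes size_t. */
static size_t unchecked_chain(int32_t uri_value)
{
    int64_t stored = uri_value; /* sign-extends, so -15 stays -15 */
    return (size_t)stored;      /* reduced modulo 2^N, N = bits in size_t */
}

/* The same last step with a 32-bit size_t, modelled with uint32_t so the
 * result is identical on any host: only the low 32 bits survive. */
static uint32_t chain_with_32bit_size_t(int64_t stored)
{
    return (uint32_t)stored;
}

/* Hypothetical parse-time check: reject negatives once, then keep a single
 * unsigned type. Assumes size_t is at least 32 bits wide, so every accepted
 * value (0..INT32_MAX) is representable. */
static bool parse_local_threshold(int32_t uri_value, size_t *out)
{
    if (uri_value < 0) {
        return false; /* caller reports an invalid URI option */
    }
    *out = (size_t)uri_value;
    return true;
}

int main(void)
{
    const int32_t samples[] = {15, 0, -1, -15}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t checked = 0;
        bool ok = parse_local_threshold(samples[i], &checked);
        printf("%6d -> size_t %zu, 32-bit %u, validated: %s\n",
               (int)samples[i], unchecked_chain(samples[i]),
               (unsigned)chain_with_32bit_size_t(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Signed-to-unsigned conversion in C is defined as reduction modulo 2^N, so a negative threshold turns into a value near the top of the unsigned range on both 32-bit and 64-bit builds.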

