[DRIVERS-2651] Add decimal128 clamped zeros tests with very large exponents Created: 20/May/23 Updated: 28/Oct/23 Resolved: 04/Jul/23 |
|
| Status: | Closed |
| Project: | Drivers |
| Component/s: | Decimal128 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | Matt Dale | Assignee: | Matt Dale |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Driver Changes: | Not Needed |
| Driver Compliance: |
| Description |
Summary

The Go driver recently fixed a bug that could cause an effectively infinite loop when parsing decimal128 Extended JSON values that contain extremely large positive or negative integers (see

Motivation

Who is the affected end user?
Customers who want to parse decimal128 values from Extended JSON strings or other strings.

How does this affect the end user?
The parser may hang indefinitely or behave unexpectedly when clamping certain values with very large positive or negative exponents.

How likely is it that this problem or use case will occur?
The problem only occurs when parsing specific strings as decimal128. Examples include:

An Extended JSON marshaler that passes the BSON test corpus should never generate the problematic strings, so the problem is only likely to happen if a customer uses the string-to-decimal128 parser to parse user-provided input.

If the problem does occur, what are the consequences and how severe are they?
The customer's application could hang. If the customer's application parses user-provided input, it could expose the customer to a denial-of-service attack.

Is this issue urgent?
No.

Is this ticket required by a downstream team?
No.

Is this ticket only for tests?
Yes.

Acceptance Criteria
|
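The failure mode in the Motivation section of the description, as an added Go example that is not the Go driver's code or the spec test: a clamp that adjusts the exponent one step at a time does work proportional to how far the exponent lies outside the range, while this sketch bounds the work by the 34-digit coefficient limit. `clamp`, `digits`, `pow10` and `errRange` are hypothetical names, the limits are the decimal128 integer-coefficient limits, and the input in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// decimal128 limits: exponent range for an integer coefficient, max digits.
const minExp, maxExp, maxDigits = -6176, 6111, 34
var errRange = errors.New("decimal128: not exactly representable")

func digits(n *big.Int) int64 { return int64(len(new(big.Int).Abs(n).Text(10))) }
func pow10(n int64) *big.Int  { return new(big.Int).Exp(big.NewInt(10), big.NewInt(n), nil) }

// clamp (hypothetical helper) moves exp into [minExp, maxExp] keeping the value
// exact; its cost depends on the coefficient, not on how far out of range exp is.
func clamp(coef *big.Int, exp int64) (*big.Int, int64, error) {
	c := new(big.Int).Set(coef)
	switch {
	case c.Sign() == 0 && exp > maxExp: // clamped zero: set the bound directly
		return c, maxExp, nil
	case c.Sign() == 0 && exp < minExp:
		return c, minExp, nil
	case exp > maxExp:
		if exp-maxExp >= maxDigits { // product would exceed 34 digits
			return nil, 0, errRange
		}
		c.Mul(c, pow10(exp-maxExp))
		exp = maxExp
	case exp < minExp:
		if minExp-exp >= digits(c) { // coefficient cannot end in that many zeros
			return nil, 0, errRange
		}
		var rem big.Int
		if c.QuoRem(c, pow10(minExp-exp), &rem); rem.Sign() != 0 {
			return nil, 0, errRange
		}
		exp = minExp
	}
	if digits(c) > maxDigits {
		return nil, 0, errRange
	}
	return c, exp, nil
}

func main() {
	_, e, err := clamp(big.NewInt(0), 1<<62) // constructed input: zero, huge exponent
	fmt.Println(e, err)
}
```

Out-of-range non-zero values are rejected after at most one bounded multiplication or division, so parse time for user-provided strings no longer grows with the exponent.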
| Comments |
| Comment by Tom Selander [ 05/Jul/23 ] |
|
SGTM |
| Comment by Matt Dale [ 04/Jul/23 ] |
|
james.kovacs@mongodb.com tom.selander@mongodb.com closing this ticket and letting drivers pick up the new test case the next time they sync the BSON corpus sounds reasonable. I've merged the spec test change, so I'm moving this ticket to resolved. |
| Comment by Githook User [ 04/Jul/23 ] |
|
Author: {'name': 'Matt Dale', 'email': '9760375+matthewdale@users.noreply.github.com', 'username': 'matthewdale'}
Message: |
| Comment by Tom Selander [ 13/Jun/23 ] |
|
matt.dale@mongodb.com can you take a look at the BSON corpus to double-check that the existing guidance that is there is in alignment with the clarification that you are proposing above? Let us know what you find and if you can make a recommendation, we'll revisit this DRIVERS ticket. |