[SERVER-22695] GeoHash::clearUnusedBits applies undefined left shift to negative value
Created: 17/Feb/16  Updated: 16/Mar/16  Resolved: 03/Mar/16

Status: Closed
Project: Core Server
Component/s: Geo
Affects Version/s: None
Fix Version/s: 3.3.3

Type: Bug
Priority: Major - P3
Reporter: Andrew Morrow (Inactive)
Assignee: David Storch
Resolution: Done
Votes: 0
Labels: undefined-sanitizer
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

Run jstests/core/geo2.js under the undefined behavior sanitizer

Sprint: Query 11 (03/14/16)
Participants:

 Description   

See https://github.com/mongodb/mongo/blob/3b90410d75079ea80800eadc65bf599d9d525817/src/mongo/db/geo/hash.cpp#L422

Found by undefined behavior sanitizer:

[MongoDFixture:job0]     #0 0x146655d in mongo::GeoHash::clearUnusedBits() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/geo/hash.cpp:422:22
[MongoDFixture:job0]     #1 0x1467cfa in mongo::GeoHash::GeoHash(long long, unsigned int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/geo/hash.cpp:174:5
[MongoDFixture:job0]     #2 0x1467cfa in mongo::GeoHash::parent(unsigned int) const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/geo/hash.cpp:493
[MongoDFixture:job0]     #3 0x1467e1d in mongo::GeoHash::appendVertexNeighbors(unsigned int, std::vector<mongo::GeoHash, std::allocator<mongo::GeoHash> >*) const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/geo/hash.cpp:506:26
[MongoDFixture:job0]     #4 0x135a257 in mongo::GeoNear2DStage::DensityEstimator::buildIndexScan(mongo::OperationContext*, mongo::WorkingSet*, mongo::Collection*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/geo_near.cpp:324:5
[MongoDFixture:job0]     #5 0x135a79d in mongo::GeoNear2DStage::DensityEstimator::work(mongo::OperationContext*, mongo::WorkingSet*, mongo::Collection*, unsigned long*, double*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/geo_near.cpp:354:9
[MongoDFixture:job0]     #6 0x135adc2 in mongo::GeoNear2DStage::initialize(mongo::OperationContext*, mongo::WorkingSet*, mongo::Collection*, unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/geo_near.cpp:399:9
[MongoDFixture:job0]     #7 0x139332e in mongo::NearStage::initNext(unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/near.cpp:72:35
[MongoDFixture:job0]     #8 0x13935f7 in mongo::NearStage::doWork(unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/near.cpp:94:21
[MongoDFixture:job0]     #9 0x13a1393 in mongo::PlanStage::work(unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/plan_stage.cpp:43:29
[MongoDFixture:job0]     #10 0x13a412f in mongo::ProjectionStage::doWork(unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/projection.cpp:197:25
[MongoDFixture:job0]     #11 0x13a1393 in mongo::PlanStage::work(unsigned long*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/exec/plan_stage.cpp:43:29
[MongoDFixture:job0]     #12 0x16e1213 in mongo::PlanExecutor::getNextImpl(mongo::Snapshotted<mongo::BSONObj>*, mongo::RecordId*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/query/plan_executor.cpp:393:38
[MongoDFixture:job0]     #13 0x16e0dcd in mongo::PlanExecutor::getNext(mongo::BSONObj*, mongo::RecordId*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/query/plan_executor.cpp:322:23
[MongoDFixture:job0]     #14 0x1248b59 in mongo::Geo2dFindNearCmd::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/commands/geo_near_cmd.cpp:223:51
[MongoDFixture:job0]     #15 0x1307273 in mongo::Command::run(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/dbcommands.cpp:1464:19
[MongoDFixture:job0]     #16 0x1305692 in mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/dbcommands.cpp:1332:18
[MongoDFixture:job0]     #17 0x1214624 in mongo::runCommands(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/commands.cpp:498:9
[MongoDFixture:job0]     #18 0x14b4813 in mongo::(anonymous namespace)::receivedRpc(mongo::OperationContext*, mongo::Client&, mongo::DbResponse&, mongo::Message&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/instance.cpp:304:9
[MongoDFixture:job0]     #19 0x14b4813 in mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/instance.cpp:525
[MongoDFixture:job0]     #20 0x1012e54 in mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/db.cpp:173:17
[MongoDFixture:job0]     #21 0x1dcb6bd in mongo::PortMessageServer::handleIncomingMsg(void*) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/util/net/message_server_port.cpp:229:17
[MongoDFixture:job0]     #22 0x7fe6b4e766a9 in start_thread /build/buildd/glibc-2.21/nptl/pthread_create.c:333
[MongoDFixture:job0]     #23 0x7fe6b4994eec in clone /build/buildd/glibc-2.21/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[MongoDFixture:job0]



 Comments   
Comment by Githook User [ 03/Mar/16 ]

Author:

{u'username': u'dstorch', u'name': u'David Storch', u'email': u'david.storch@10gen.com'}

Message: SERVER-22695 fix left shift of negative number in GeoHash::clearUnusedBits()
Branch: master
https://github.com/mongodb/mongo/commit/43a4c11187e00647500fd88f5c88eff7fc28d3c6
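
Added illustration (not taken from hash.cpp or from the fix commit): a constructed C++ reduction of the pattern named in the ticket title, next to a well-defined form that builds the mask in an unsigned type. The function names, and the assumption that a hash keeps its 2*bits significant bits at the top of a 64-bit word, are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Assumption for this sketch: a hash with `bits` bits per dimension keeps its
// 2*bits significant bits at the top of a 64-bit word; the rest must be zero.

// Flagged pattern (constructed reduction): the all-ones mask is a signed -1,
// and left-shifting a negative signed value is undefined before C++20.
// Shown for comparison only; it is never called here.
long long clear_unused_bits_signed(long long hash, unsigned bits) {
    long long full = -1;                       // all bits set, but signed
    long long mask = full << (64 - bits * 2);  // UBSan reports this shift
    return hash & mask;
}

// Well-defined form: the mask is built from an unsigned all-ones value, so the
// shift simply discards high bits. The zero-width case is handled separately
// because a shift count equal to the type width (64) is also undefined.
std::uint64_t clear_unused_bits(std::uint64_t hash, unsigned bits) {
    if (bits == 0) {
        return 0;                              // no significant bits to keep
    }
    if (bits > 32) {
        bits = 32;                             // clamp: 2*bits cannot exceed 64
    }
    const std::uint64_t mask = ~std::uint64_t{0} << (64 - bits * 2);
    return hash & mask;
}

int main() {
    // Constructed samples: all bits set, keeping 2, 32 and 0 bits per dimension.
    const unsigned widths[] = {2, 32, 0};
    for (unsigned bits : widths) {
        std::uint64_t out = clear_unused_bits(~std::uint64_t{0}, bits);
        std::printf("bits=%2u -> %016llx\n", bits,
                    static_cast<unsigned long long>(out));
    }
    return 0;
}
```

Building the signed variant with -fsanitize=shift (or -fsanitize=undefined) and calling it is how the sanitizer report in this ticket's class of bug is reproduced in isolation.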
