[SERVER-31623] MatcherTypeSet::parseSingleType() should not cast large doubles to integer Created: 18/Oct/17 Updated: 30/Oct/23 Resolved: 23/Oct/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0-rc1 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kyle Suarez | Assignee: | Kyle Suarez |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Sprint: | Query 2017-10-23, Query 2017-11-13 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 0 | ||||||||||||
| Description |
|
MatcherTypeSet verifies that a numeric BSONElement has an integral value by casting the value to int via BSONElement::numberLong() and then comparing this value with BSONElement::number(). However, calling BSONElement::numberInt() is undefined behavior if the value being cast is outside the representable range of int. We should do something else that checks the value of the double before casting to avoid the undefined behavior. The undefined behavior was introduced in a test case as part of |
| Comments |
| Comment by Githook User [ 23/Oct/17 ] |
|
Author: {'email': 'kyle.suarez@mongodb.com', 'name': 'Kyle Suarez', 'username': 'ksuarz'}Message: |