[SERVER-31623] MatcherTypeSet::parseSingleType() should not cast large doubles to integer Created: 18/Oct/17  Updated: 30/Oct/23  Resolved: 23/Oct/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 3.6.0-rc1

Type: Bug Priority: Major - P3
Reporter: Kyle Suarez Assignee: Kyle Suarez
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
is caused by SERVER-30157 $type parsing should reject non-integ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Query 2017-10-23, Query 2017-11-13
Participants:
Linked BF Score: 0

 Description   

MatcherTypeSet verifies that a numeric BSONElement has an integral value by casting the value to int via BSONElement::numberLong() and then comparing this value with BSONElement::number().

However, calling BSONElement::numberInt() is undefined behavior if the value being cast is outside the representable range of int. We should do something else that checks the value of the double before casting to avoid the undefined behavior.

The undefined behavior was introduced in a test case as part of SERVER-30157.



 Comments   
Comment by Githook User [ 23/Oct/17 ]

Author:

{'email': 'kyle.suarez@mongodb.com', 'name': 'Kyle Suarez', 'username': 'ksuarz'}

Message: SERVER-31623 MatcherTypeSet must not cast large doubles to int
Branch: master
https://github.com/mongodb/mongo/commit/dbe347e2ec54858a39a2b4c59d5812214b4b94cd

Generated at Thu Feb 08 04:27:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.