[SERVER-44111] Assert BSON object size is valid while copying
Created: 18/Oct/19  Updated: 29/Oct/23  Resolved: 22/Oct/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.3.1

Type: Improvement
Priority: Major - P3
Reporter: Louis Williams
Assignee: Louis Williams
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Execution Team 2019-10-21, Execution Team 2019-11-04
Participants:

 Description   

The copy() function for BSONObj could detect corrupt BSON and undefined behavior earlier, for two reasons:

  • There is no verification that objsize() is below the maximum BSON size. An attempt to allocate a new buffer based on the size of an unowned BSON object can lead to very large allocations.
  • By making 2 calls to objsize(), the copy function may allocate a different amount of memory than it writes if the underlying buffer is unowned. This should also be fixed to prevent the possibility of undefined behavior.
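
A sketch of the copy pattern the description calls for, added here as an example and not MongoDB's actual fix: the length prefix is read once, bounds-checked, and that same value drives both the allocation and the write. The names `copyBson` and `readObjSize` and the 16 MiB limit are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed limits for this sketch: 5 bytes is the smallest BSON document
// (int32 length prefix + 0x00 terminator); 16 MiB stands in for the maximum.
constexpr uint32_t kMinBsonSize = 5;
constexpr uint32_t kMaxBsonSize = 16u * 1024u * 1024u;

// Hypothetical helper: decode the little-endian length prefix. It is read as
// unsigned so a negative (corrupt) prefix shows up as a huge value.
uint32_t readObjSize(const unsigned char* data) {
    return uint32_t(data[0]) | (uint32_t(data[1]) << 8) |
           (uint32_t(data[2]) << 16) | (uint32_t(data[3]) << 24);
}

// Copy an unowned BSON buffer into owned storage. Returns false, leaving
// `out` untouched, if the length prefix is out of range or changed mid-copy.
bool copyBson(const unsigned char* src, std::vector<unsigned char>& out) {
    // Read the prefix exactly once; every later step uses this local value,
    // so the allocation size and the write size cannot disagree.
    const uint32_t size = readObjSize(src);

    // Reject corrupt prefixes before allocating: negative, too small, or
    // above the maximum (which would force a very large allocation).
    if (size < kMinBsonSize || size > kMaxBsonSize) return false;

    std::vector<unsigned char> owned(size);
    std::memcpy(owned.data(), src, size);

    // The source is unowned and may have been modified during the copy.
    // The owned copy must still describe itself with the size we used.
    if (readObjSize(owned.data()) != size) return false;

    out.swap(owned);
    return true;
}
```

Because an unowned object carries only a pointer, the prefix is the sole statement of how many bytes to read, which is why the range check has to come before the allocation and the `memcpy`.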


 Comments   
Comment by Githook User [ 21/Oct/19 ]

Author: Louis Williams (louiswilliams) <louis.williams@mongodb.com>

Message: SERVER-44111 Assert BSONObj size is valid while copying
Branch: master
https://github.com/mongodb/mongo/commit/5b749ef0105d92a2a3318c01d622f25201cd7bb8
