[SERVER-5415] some large compound $in sets won't trigger assertion due to integer overflow Created: 26/Mar/12  Updated: 28/Jan/15  Resolved: 28/Jan/15

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Aaron Staple Assignee: Unassigned
Resolution: Incomplete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

The code for checking the size of the $in bounds set product doesn't handle an integer overflow.

 
t = db.jstests_inc;
t.drop();
 
t.save( {} );
 
inValues = [];
for( i = 0; i < 256; ++i ) {
    inValues.push( i );
}
 
index = {};
query = {};
for( i = 0; i < 8; ++i ) {
    index[ '' + i ] = 1;
    query[ '' + i ] = { $in:inValues };
}
t.ensureIndex( index );
 
assert.throws( function() { t.find( query ).hint( index ).itcount(); } );
 



 Comments   
Comment by David Storch [ 28/Jan/15 ]

This refers to the internals of the old query system's implementation, and is no longer relevant. Closing as Incomplete.

Comment by auto [ 09/Apr/12 ]

Author:

{u'login': u'tadmarshall', u'name': u'Tad Marshall', u'email': u'tad@10gen.com'}

Message: SERVER-5415 Make truncation explicit

Use static_cast<> to tuncate return value from
FieldRangeVector::size() so it is clear that this is intended.
Branch: master
https://github.com/mongodb/mongo/commit/ad2dc0f0bf353deb3e358a630126b369572c5b1e

Comment by auto [ 07/Apr/12 ]

Author:

{u'login': u'astaple', u'name': u'Aaron', u'email': u'aaron@10gen.com'}

Message: SERVER-5415 Detect overflow when computing FieldRangeVector::size().
Branch: master
https://github.com/mongodb/mongo/commit/8102ea18a6d9f3b521025dccadbd94598b6acc32

Generated at Thu Feb 08 03:08:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.