[SERVER-56513] Numeric index key patterns can be outside the range of representable values of type 'int' Created: 30/Apr/21 Updated: 29/Oct/23 Resolved: 11/May/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.4.5 |
| Fix Version/s: | 5.0.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Gregory Wlodarek | Assignee: | Benety Goh |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Steps To Reproduce: | Run the following with the undefined behaviour sanitizer in jstests/core/ |
| Sprint: | Execution Team 2021-05-17 |
| Participants: | |
| Linked BF Score: | 168 |
| Description |
|
The undefined behaviour sanitizer was trying to create indexes with numeric key patterns outside the range of representable values of 'int'. The input wasn't rejected by the createIndexes command and code at later points called BSONElement::numberInt() assuming it's safe.

Here are two spots that UBSan found, but there may be more:

I've verified that this behaviour already exists on v4.4, so the solution will need to be cautious as index specifications with these patterns can already be stored durably. |
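The range check the description calls for, as an added C++ example that is not MongoDB's code or the fix committed for this ticket. `KeyValue`, `checkedInt` and `direction` are hypothetical names, and `direction` assumes the sign alone decides ascending versus descending, so an out-of-range pattern that is already stored can be read without narrowing.

```cpp
#include <cmath>
#include <cstdint>
#include <iostream>
#include <limits>
#include <optional>
#include <string>
#include <variant>

// Hypothetical stand-in for a numeric key pattern value (BSON int32, int64
// or double). This is not MongoDB's BSONElement.
using KeyValue = std::variant<std::int32_t, std::int64_t, double>;

// Creation-time check: return the value as int only if it is representable.
// Converting an out-of-range or NaN double to int is undefined behaviour.
std::optional<int> checkedInt(const KeyValue& v) {
    using lim = std::numeric_limits<int>;
    if (auto p = std::get_if<std::int32_t>(&v)) return static_cast<int>(*p);
    if (auto p = std::get_if<std::int64_t>(&v)) {
        if (*p < lim::min() || *p > lim::max()) return std::nullopt;
        return static_cast<int>(*p);
    }
    const double d = std::get<double>(v);
    // Truncation toward zero is defined exactly for INT_MIN-1 < d < INT_MAX+1.
    if (!std::isfinite(d) || d <= lim::min() - 1.0 || d >= lim::max() + 1.0)
        return std::nullopt;
    return static_cast<int>(d);
}

// Read path for specs already stored durably: take the direction from the
// sign without narrowing (assumption: negative = descending, else ascending).
int direction(const KeyValue& v) {
    return std::visit([](auto x) { return x < 0 ? -1 : 1; }, v);
}

int main() {
    // Constructed sample key pattern values.
    const KeyValue samples[] = {std::int32_t{1}, -1.0, 1e10,
                                std::int64_t{1} << 40, std::nan("")};
    for (const auto& s : samples) {
        const auto i = checkedInt(s);
        std::cout << (i ? "accept " + std::to_string(*i) : std::string("reject"))
                  << ", direction " << direction(s) << '\n';
    }
}
```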
| Comments |
| Comment by Githook User [ 08/May/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: |
| Comment by Benety Goh [ 07/May/21 ] |
|
Needs some cleanup in |
| Comment by Githook User [ 07/May/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: Revert " This reverts commit c1ffed1b5d9495d61b7cb30ec00b7b024898acdf. |
| Comment by Githook User [ 06/May/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: |
| Comment by Githook User [ 06/May/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: This is redundant when we have IndexDescriptor::isIdIndex(). |
| Comment by Githook User [ 05/May/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: |
| Comment by Benety Goh [ 05/May/21 ] |
|
There is a similar function to check the _id key pattern in KeyPattern. Fortunately, this function is used in only one place which also has access to IndexDescriptor. |