[SERVER-56516] Fix undefined behaviour in parsing code for $slice projectional operator
Created: 30/Apr/21 Updated: 29/Oct/23 Resolved: 11/Jun/21
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.7, 5.0.0-rc2, 4.2.16, 4.0.27 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Nikita Lapkov (Inactive) | Assignee: | Nikita Lapkov (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v5.0, v4.4, v4.2, v4.0 |
| Sprint: | Query Execution 2021-05-03, Query Execution 2021-05-17, Query Execution 2021-05-31, Query Execution 2021-06-14, Query Execution 2021-06-28 |
| Participants: | |
| Linked BF Score: | 128 |
| Description |
attemptToParseFindSlice uses BSONElement::numberInt to extract the $slice value from BSON here. If the BSONElement contains a double NaN, +inf or -inf value, this method still converts it to int type here. This is undefined behaviour and is caught by UBSAN.
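The class of bug described above, shown as an added example that is not MongoDB's code or its fix: two ways to turn a double taken from a `$slice` argument into an `int` without ever evaluating an out-of-range cast. The function names and the clamping policy (NaN becomes 0, other values saturate) are assumptions made for this illustration.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// In C++, static_cast<int>(d) is undefined behaviour when the truncated value
// of d does not fit in int. NaN, +inf and -inf never fit, so an unchecked
// cast on them is what a sanitizer such as -fsanitize=float-cast-overflow flags.

constexpr int kMin = std::numeric_limits<int>::min();
constexpr int kMax = std::numeric_limits<int>::max();

// The bounds must be exactly representable as double for the comparisons
// below to be exact (true for 32-bit int and IEEE-754 double).
static_assert(std::numeric_limits<int>::digits < std::numeric_limits<double>::digits,
              "int bounds must be exact in double");

// Hypothetical helper: clamping policy. NaN -> 0, everything else saturates.
int clampDoubleToInt(double d) {
    if (std::isnan(d)) return 0;
    if (d >= static_cast<double>(kMax)) return kMax;  // also catches +inf
    if (d <= static_cast<double>(kMin)) return kMin;  // also catches -inf
    return static_cast<int>(d);  // in range: truncation toward zero is defined
}

// Hypothetical helper: strict policy. Rejects the value instead of clamping,
// so the caller can return a parse error to the client.
bool tryDoubleToInt(double d, int* out) {
    if (!std::isfinite(d)) return false;  // NaN, +inf, -inf
    if (d > static_cast<double>(kMax) || d < static_cast<double>(kMin)) return false;
    *out = static_cast<int>(d);
    return true;
}

int main() {
    // Constructed sample inputs, standing in for doubles parsed from BSON.
    const double samples[] = {3.7, -2.9, 1e300,
                              std::numeric_limits<double>::infinity(),
                              -std::numeric_limits<double>::infinity(),
                              std::numeric_limits<double>::quiet_NaN()};
    for (double d : samples) {
        int strict = 0;
        bool ok = tryDoubleToInt(d, &strict);
        std::printf("%g -> clamp=%d strict=%s\n", d, clampDoubleToInt(d),
                    ok ? "accepted" : "rejected");
    }
    return 0;
}
```

Whether a parser should clamp or reject depends on the semantics the operator documents; the point of both variants is that the range check happens on the double before any cast is evaluated.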
| Comments |
| Comment by Githook User [ 19/Jul/21 ] |
Author: {'name': 'Nikita Lapkov', 'email': 'nikita.lapkov@mongodb.com', 'username': 'laplab'} Message: (partially cherry picked from commit 19764c1864c1c57d9274238146e6843591bc6ce6)
| Comment by Githook User [ 09/Jul/21 ] |
Author: {'name': 'Nikita Lapkov', 'email': 'nikita.lapkov@mongodb.com', 'username': 'laplab'} Message:
| Comment by Githook User [ 11/Jun/21 ] |
Author: {'name': 'Nikita Lapkov', 'email': 'nikita.lapkov@mongodb.com', 'username': 'laplab'} Message: (cherry picked from commit 84ef6e51778fc42a39c85cf5a7a1e776ab94d1a7)
| Comment by Githook User [ 11/Jun/21 ] |
Author: {'name': 'Nikita Lapkov', 'email': 'nikita.lapkov@mongodb.com', 'username': 'laplab'} Message:
| Comment by Githook User [ 11/Jun/21 ] |
Author: {'name': 'Nikita Lapkov', 'email': 'nikita.lapkov@mongodb.com', 'username': 'laplab'} Message: (cherry picked from commit 84ef6e51778fc42a39c85cf5a7a1e776ab94d1a7)