[SERVER-56777] Unchecked conversion from double to int in mongo shell may result in UB
Created: 07/May/21  Updated: 29/Oct/23  Resolved: 10/May/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0-rc0

Type: Bug
Priority: Major - P3
Reporter: Ian Boros
Assignee: Ian Boros
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:
Linked BF Score: 130

 Description   

The following line converts a double (from user input) to int without any kind of bounds check. If the double cannot be represented by an int, this is undefined behavior.

 

Example:

db.c.find(BinData(18446744073709552000, 'AAA=')) 

The BinData subtype is only one byte, so we should just ensure the value is between 0 and 255 before doing the cast.
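
The bounds check suggested above, as an added C++ example that is not part of the original ticket and is not the code from the MongoDB fix. The function name checkedBinDataSubtype and the decision to reject fractional values are assumptions of this example.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical helper (not MongoDB's code): validate a shell-supplied number
// before narrowing it to the one-byte BinData subtype.
// Returns true and writes *out only when the conversion is well defined.
bool checkedBinDataSubtype(double d, std::uint8_t* out) {
    // Written as a positive range test so that NaN fails it: every comparison
    // involving NaN is false. +/-infinity and huge values such as
    // 18446744073709552000 fail it as well.
    if (!(d >= 0.0 && d <= 255.0)) {
        return false;
    }
    // Assumption of this example: a fractional subtype is rejected rather
    // than silently truncated.
    if (std::trunc(d) != d) {
        return false;
    }
    // d is now an integer in [0, 255], so the narrowing cast cannot overflow.
    *out = static_cast<std::uint8_t>(d);
    return true;
}

int main() {
    // Constructed sample inputs; the first is the value from the report.
    const double samples[] = {18446744073709552000.0, -1.0, 256.0, 0.5,
                              std::nan(""), HUGE_VAL, 0.0, 128.0, 255.0};
    for (double d : samples) {
        std::uint8_t subtype = 0;
        if (checkedBinDataSubtype(d, &subtype)) {
            std::printf("%g -> subtype %u\n", d, static_cast<unsigned>(subtype));
        } else {
            std::printf("%g -> rejected\n", d);
        }
    }
    return 0;
}
```

The check runs before any cast, so an out-of-range double is never converted; testing the result after the cast would be too late, because the undefined behavior has already happened by then.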

 



 Comments   
Comment by Githook User [ 10/May/21 ]

Author:

{'name': 'Ian Boros', 'email': 'ian.boros@mongodb.com', 'username': 'puppyofkosh'}

Message: SERVER-56777 Fix UB in valuewriter
Branch: master
https://github.com/mongodb/mongo/commit/e6292a194c58d086caa1f62310491a220dda1854

Generated at Thu Feb 08 05:40:10 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.