[SERVER-57350] ShardKeyPattern::parseShardKeyPattern() - NaN representation is being cast to integer

Created: 02/Jun/21 | Updated: 29/Oct/23 | Resolved: 10/Jun/21

| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.0.4, 5.1.0-rc0 |
| Type: | Bug |
| Priority: | Major - P3 |
| Reporter: | Marcos José Grillo Ramirez |
| Assignee: | Benety Goh |
| Resolution: | Fixed |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v5.0 |
| Sprint: | Execution Team 2021-06-14 |
| Participants: | |
| Linked BF Score: | 43 |
| Description |
|
In bsonelement.h an unsafe cast is being done that could end up in a situation where NaN (whose representation according to the ECMAScript specification is 9007199254740990) is being cast to an integer. The following example can cause such a situation:
Here, when passing the index, we end up trying to get the number, which does the cast. This causes failures on the fuzzer tests, as can be seen in the linked BF. |
| Comments |
| Comment by Vivian Ge (Inactive) [ 06/Oct/21 ] |
|
Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you! |
| Comment by Githook User [ 20/Sep/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: (cherry picked from commit 6ebb5f9dfb1c3f6a2be267cd533c54fdfefbc993) |
| Comment by Githook User [ 10/Jun/21 ] |
|
Author: {'name': 'Benety Goh', 'email': 'benety@mongodb.com', 'username': 'benety'} Message: |
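
The failure mode reported in the description (a NaN double reaching an integer cast), shown as an added C++ example that is neither MongoDB's code nor the fix from this ticket. `checkedDoubleToInt`, `checkKeyPatternNumber` and `FieldCheck` are hypothetical names, and a 32-bit `int` is assumed.

```cpp
#include <cmath>
#include <limits>

static_assert(sizeof(int) == 4, "the bounds below assume a 32-bit int");

// Hypothetical helper (not MongoDB's API): convert a double taken from an
// untrusted document to int only when the result is well defined.
// In C++, converting NaN, +/-infinity or an out-of-range double to an integer
// type is undefined behaviour, which sanitizer-backed fuzzers report.
bool checkedDoubleToInt(double d, int* out) {
    if (std::isnan(d)) {
        return false;  // NaN has no integer value
    }
    // Compare in floating point before casting; both bounds are exactly
    // representable as double for a 32-bit int.
    const double lo = static_cast<double>(std::numeric_limits<int>::min());
    const double hi = static_cast<double>(std::numeric_limits<int>::max());
    if (d < lo || d > hi) {
        return false;  // also rejects +/-infinity
    }
    *out = static_cast<int>(d);  // truncates toward zero, now well defined
    return true;
}

// Hypothetical validator for one numeric field value of a key pattern:
// the value must survive a checked conversion and be exactly integral.
enum class FieldCheck { kOk, kNotANumber, kOutOfRange, kNotIntegral };

FieldCheck checkKeyPatternNumber(double d) {
    if (std::isnan(d)) {
        return FieldCheck::kNotANumber;
    }
    int v = 0;
    if (!checkedDoubleToInt(d, &v)) {
        return FieldCheck::kOutOfRange;
    }
    if (static_cast<double>(v) != d) {
        return FieldCheck::kNotIntegral;
    }
    return FieldCheck::kOk;
}
```

The ordering is the point: classify the double while it is still a double, and cast only after NaN and range checks have passed.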