[SERVER-61566] Fix unsafe check for BSONElement conversion from double to int Created: 17/Nov/21  Updated: 29/Oct/23  Resolved: 30/Nov/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.1.1

Type: Bug Priority: Major - P3
Reporter: Justin Seyster Assignee: Rui Liu
Resolution: Fixed Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: QE 2021-11-29, QE 2021-12-13
Participants:
Linked BF Score: 130

 Description   

This line of code is intended to implicitly convert double BSONElements to int when the conversion is exact:

https://github.com/mongodb/mongo/blob/1bdff76322b144ef27060fe79324fe3cce4bb17a/src/mongo/db/matcher/expression_parser.cpp#L1738

 

However, the call to `BSONElement::numberInt()` can fail when the number would overflow the int type. Additional checking is necessary to ensure that failure doesn't occur.



 Comments   
Comment by Githook User [ 30/Nov/21 ]

Author:

{'name': 'Rui Liu', 'email': 'rui.liu@mongodb.com', 'username': 'lriuui0x0'}

Message: SERVER-61566 Fix and extract coercion to 32-bit int logic in expression parsing
Branch: master
https://github.com/mongodb/mongo/commit/ab9802213c7afc0f88d497dee44c83ec6466435c

Generated at Thu Feb 08 05:52:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.