[SERVER-71360] Casting value from a byte can be out of range for BinDataType Created: 15/Nov/22  Updated: 29/Oct/23  Resolved: 16/Nov/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.2.0-rc3, 6.3.0-rc0

Type: Bug Priority: Major - P3
Reporter: Yuhong Zhang Assignee: Yuhong Zhang
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v6.2
Sprint: Execution Team 2022-11-28
Participants:
Linked BF Score: 137

 Description   

BinDataType enum has the range of 0 to 255. But when we read the subtype byte from a BSON object as signed values, the arithmetic can result in huge numbers. Casting it to the enum can be out of range, resulting in undefined behaviors. 



 Comments   
Comment by Githook User [ 01/Dec/22 ]

Author:

{'name': 'Yuhong Zhang', 'email': 'yuhong.zhang@mongodb.com', 'username': 'YuhongZhang98'}

Message: SERVER-71360 Avoid signed promotion on the value of the subtype before casting to BinDataType (cherry picked from commit d69c4bd59cff4c00d15421454dd6de2f90dfadb4)
Branch: v6.2
https://github.com/mongodb/mongo/commit/f90b35cf6c25a223c2f96649ee74a8ee943c13c7

Comment by Liubov Molchanova [ 22/Nov/22 ]

Requesting a backport as the issue reproduced on v6.2 (BFG-1663003)

Comment by Githook User [ 16/Nov/22 ]

Author:

{'name': 'Yuhong Zhang', 'email': 'yuhong.zhang@mongodb.com', 'username': 'YuhongZhang98'}

Message: SERVER-71360 Avoid C-style casting in the BSON validator
Branch: master
https://github.com/mongodb/mongo/commit/f6c50e0b5e59381e2bb309845206cdbeffa96654

Comment by Githook User [ 16/Nov/22 ]

Author:

{'name': 'Yuhong Zhang', 'email': 'yuhong.zhang@mongodb.com', 'username': 'YuhongZhang98'}

Message: SERVER-71360 Avoid signed promotion on the value of the subtype before casting to BinDataType
Branch: master
https://github.com/mongodb/mongo/commit/d69c4bd59cff4c00d15421454dd6de2f90dfadb4

Generated at Thu Feb 08 06:18:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.