[SERVER-73568] Integer overflow in sharded find when maxTimeMS > 2M
Created: 02/Feb/23 | Updated: 29/Oct/23 | Resolved: 03/Feb/23

| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.3.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Steve Tarzia | Assignee: | Steve Tarzia |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Steps To Reproduce: | Run a find on a sharded collection with maxTimeMS >= 2,147,484 and with allowPartialResults set. |
| Sprint: | QE 2023-02-06 |
| Participants: |
| Linked BF Score: | 155 |

| Description |

In cluster_find.cpp an int32_t is multiplied by 1000, which can cause overflow:
This leads to a tassert failure. The offending line of code was introduced after 6.2 was released in this commit, so this bug is only present on master, not on any released version. |
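
Added illustration, not code from cluster_find.cpp or the MongoDB project: a C++ sketch of why 2,147,484 is the first value whose product with 1000 exceeds `int32_t`, with a checked 32-bit multiply and a widening multiply as overflow-safe alternatives. All function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helper names for illustration; not taken from cluster_find.cpp.

// Smallest positive value v for which v * 1000 no longer fits in int32_t.
constexpr int32_t firstOverflowingValue() {
    return std::numeric_limits<int32_t>::max() / 1000 + 1;
}

// Checked 32-bit multiply: returns false instead of overflowing.
bool checkedTimes1000(int32_t v, int32_t* out) {
    constexpr int32_t kMax = std::numeric_limits<int32_t>::max();
    constexpr int32_t kMin = std::numeric_limits<int32_t>::min();
    if (v > kMax / 1000 || v < kMin / 1000) return false;
    *out = v * 1000;
    return true;
}

// Widen before multiplying: every int32_t input is representable in int64_t.
constexpr int64_t widenedTimes1000(int32_t v) {
    return static_cast<int64_t>(v) * 1000;
}

// Value a wrapping 32-bit multiply would leave behind. Signed overflow is
// undefined behaviour in C++, so this is computed in 64 bits and truncated.
int32_t wrappedTimes1000(int32_t v) {
    return static_cast<int32_t>(static_cast<uint32_t>(widenedTimes1000(v)));
}

int main() {
    const int32_t v = firstOverflowingValue();  // threshold from the report
    int32_t r = 0;
    std::printf("first overflowing value: %d\n", v);
    std::printf("checked ok: %d\n", checkedTimes1000(v, &r));
    std::printf("widened: %lld\n", static_cast<long long>(widenedTimes1000(v)));
    std::printf("wrapped: %d\n", wrappedTimes1000(v));
    return 0;
}
```
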
| Comments |
| Comment by Githook User [ 03/Feb/23 ] |

Author: {'name': 'Steve Tarzia', 'email': 'steve.tarzia@mongodb.com', 'username': 'starzia'}
Message: