[SERVER-7446] $inc should handle negative overflow the same as positive overflow Created: 23/Oct/12  Updated: 11/Jul/16  Resolved: 19/Aug/13

Status: Closed
Project: Core Server
Component/s: Write Ops
Affects Version/s: None
Fix Version/s: 2.5.2

Type: Improvement Priority: Major - P3
Reporter: Aaron Staple Assignee: Unassigned
Resolution: Done Votes: 5
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-6399 Refactor update() code Closed
Backwards Compatibility: Fully Compatible
Participants:

 Description   

Right now if $inc would cause two positive ints to overflow, the result is converted to a long to prevent overflow. However, if two negative ints are added the result may overflow to a negative int.

Test

c = db.c;
 
c.drop();
c.save( { a:NumberInt( 0x7fffffff ) } );
c.update( {}, { $inc:{ a:NumberInt( 10000 ) } } );
// The sum of two positive ints is converted to a positive long on overflow.                                                                                                         
printjson( c.find().toArray() );
 
c.drop();
c.save( { a:NumberInt( 0xffffffff ) } );
c.update( {}, { $inc:{ a:NumberInt( -10000 ) } } );
// The sum of two negative ints overflows to a positive int.                                                                                                                         
printjson( c.find().toArray() );



 Comments   
Comment by auto [ 19/Aug/13 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@10gen.com'}

Message: SERVER-7446 This was fixed as part of update refactor; add a regression test
Branch: master
https://github.com/mongodb/mongo/commit/342261c258f4bbcab04993a756f9d7d5534d8ff0

Comment by Andrew Morrow (Inactive) [ 19/Jul/13 ]

Hi -

We are currently working on changes to the update code path that will address this issue for 2.5, and we will evaluate fixing on earlier releases as well.

Thanks,
Andrew

Comment by Luciano Issoe [ 19/Jul/13 ]

This is a serious BUG and should be fixed back to 2.2 and 2.4 branches!!!!

Comment by Giuliano Caliari [ 19/Jul/13 ]

I agree with Flavio. We had a major problem in several user accounts because of this overflow.

Comment by Flavio da Silva Mori Junior [ 18/Jul/13 ]

Please upgrade the type to BUG and priority to Critical P2, because this issue can cause data loss.

Generated at Thu Feb 08 03:14:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.