BugZero | MongoDB BugID 1707237 - Unchecked conversion from double to int in mongo s...

MongoDB - Defect ID: 1707237

Unchecked conversion from double to int in mongo shell may result in UB

MongoDB - Defect ID: 1707237

Unchecked conversion from double to int in mongo shell may result in UB

Last updated on October 29th, 2023

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Community: 5.5

Lifecycle: 9.1

What is the BugZero Risk Score?

MongoDB Integration

Learn more about where this data comes from

MongoDB Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Major - P3
Status: Closed
Views: 1

Description

Info

The following line converts a double (from user input) to int without any kind of bounds check. If the double cannot be represented by an int, this is undefined behavior. Example: db.c.find(BinData(18446744073709552000, 'AAA=')) The BinData subtype is only one byte, so we should just ensure the value is between 0 and 255 before doing the cast.

Top User Comments

xgen-internal-githook commented on Mon, 10 May 2021 16:09:42 +0000: Author: {'name': 'Ian Boros', 'email': 'ian.boros@mongodb.com', 'username': 'puppyofkosh'} Message: SERVER-56777 Fix UB in valuewriter Branch: master https://github.com/mongodb/mongo/commit/e6292a194c58d086caa1f62310491a220dda1854

Steps to Reproduce

Change history

No changes to display

Links

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 5.0.0-rc0

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 5.0.0-rc0

Top MongoDB Defects

8.4Defect ID: 3431051
MongoDB config server will crash in a cluster which is upgrade from 6.0 version
5.5Defect ID: 3456010
Fix TSAN variant task factor overrides to use regex matching for all enterprise-rhel8-debug-tsan variants
5.5Defect ID: 3448150
Update etc/extensions.yml for mongot-extension v1.0.2
5.5Defect ID: 3437084
agg_list_cluster_catalog.js times out if config.system.profile exists from a previous test
5.5Defect ID: 3439952
Add incompatible_ppc tag to sharding_stepdown_fcv_upgrade_downgrade_jscore_passthrough

Ready to prevent the next vendor outage?

Get a demo

MongoDB - Defect ID: 1707237

Unchecked conversion from double to int in mongo shell may result in UB

MongoDB - Defect ID: 1707237

Unchecked conversion from double to int in mongo shell may result in UB

Last updated on October 29th, 2023

BugZero Risk Score6.2 Medium

Bug Details

Info

Top User Comments

Steps to Reproduce

Links

Top MongoDB Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.2 Medium