Info
The following line converts a double (from user input) to int without any kind of bounds check. If the double cannot be represented by an int, this is undefined behavior.
Example:
db.c.find(BinData(18446744073709552000, 'AAA='))
The BinData subtype is only one byte, so we should just ensure the value is between 0 and 255 before doing the cast.
Top User Comments
xgen-internal-githook commented on Mon, 10 May 2021 16:09:42 +0000:
Author:
{'name': 'Ian Boros', 'email': 'ian.boros@mongodb.com', 'username': 'puppyofkosh'}
Message: SERVER-56777 Fix UB in valuewriter
Branch: master
https://github.com/mongodb/mongo/commit/e6292a194c58d086caa1f62310491a220dda1854
