Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-2059

Topology component uses signed and unsigned types for localThresholdMS

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: 1.6.0
    • Component/s: libmongoc

      mongoc_topology_new() selects the "localThresholdMS" URI option as an int32_t, where it is assigned to an int64_t in the struct field.

      From there, it passes the value as an int64_t to mongoc_topology_description_select(). That int64_t is then passed as an size_t to mongoc_topology_description_suitable_servers(), which may also call _mongoc_try_mode_secondary() (also accepting a size_t).

      There seem to be two issues with this:

      • A negative "localThresholdMS" option parsed as a signed int32_t would be converted to a negative, signed int64_t value and possibly a very large unsigned size_t.
      • On a 32-bit system, a int64_t is being assigned to a possibly 32-bit size_t. Aside from a possible compiler warning, this might also lead to an unexpected assignment of a negative 64-bit value to an unsigned 32-bit value. I'm uncertain if the sign bit would simply be ignored, etc.

      The server selection spec does not outline a maximum value for "localThresholdMS", so I presume that is left to implementations. In that event, it might be reasonable to limit it to the maximum value of a signed 32-bit integer and always store it as a size_t after mongoc_topology_new() parses the URI option.

            Assignee:
            Unassigned Unassigned
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: