- Type: Task
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Execution Team 2022-08-08, Execution Team 2022-08-22
The BSONElement methods numberLong and numberInt are used in dozens of places in the codebase, but it's not clear a priori which uses might actually be problematic. If used on a NumberDouble with a NaN value, they simply cast to the desired type, and this can result in undefined behavior that differs depending on the platform. If we know that the type of the element is the matching type, then we can safely use these methods to extract it. In many cases this holds, either because we've already checked the type explicitly, or because we know that we constructed this value to be a specific type: it's for internal use and we have a schema for these documents. But in some cases we are probably just using these methods mistakenly to deal with input of unknown type, when we should be checking the type explicitly.
We are already aware of some issues (e.g. SERVER-68359), but more problematic uses could still be lingering, and we should audit the codebase.
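A checked extraction of the kind the description calls for, as an added example that is not MongoDB's code: `NumericValue`, `exactLong` and `checkedLong` are hypothetical stand-ins for an element of unknown numeric type and its accessors, and rejecting fractional doubles is this example's own policy choice.

```cpp
#include <cmath>
#include <cstdint>
#include <optional>
#include <variant>

// Hypothetical stand-in for a numeric element of unknown type
// (NumberDouble, NumberInt, NumberLong). Not MongoDB's BSONElement.
using NumericValue = std::variant<double, int32_t, int64_t>;

// Strict accessor: succeeds only when the stored type already matches.
// This is the "check the type explicitly" option for untrusted input.
std::optional<int64_t> exactLong(const NumericValue& v) {
    if (const auto* p = std::get_if<int64_t>(&v)) return *p;
    return std::nullopt;
}

// Checked coercion: accepts any numeric type, but refuses every double
// for which a plain static_cast<int64_t> would be undefined behavior
// (NaN, infinities, values outside the int64 range).
std::optional<int64_t> checkedLong(const NumericValue& v) {
    if (const auto* p = std::get_if<int64_t>(&v)) return *p;
    if (const auto* p = std::get_if<int32_t>(&v)) return int64_t{*p};

    const double d = std::get<double>(v);
    if (std::isnan(d)) return std::nullopt;

    // 2^63 is exactly representable as a double; the valid range for
    // the cast is [-2^63, 2^63). Infinities fail this test as well.
    constexpr double kTwoTo63 = 9223372036854775808.0;
    if (d < -kTwoTo63 || d >= kTwoTo63) return std::nullopt;

    // Policy choice of this example: do not silently truncate 2.5 to 2.
    if (d != std::trunc(d)) return std::nullopt;

    return static_cast<int64_t>(d);  // well-defined: finite and in range
}
```

A caller that receives `std::nullopt` can return a parse error to the user instead of continuing with a platform-dependent integer.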
is related to:
- SERVER-26148 Commands should convert integers from user input safely (Backlog)

related to:
- SERVER-68796 Shard key index selection may ignore non-default hash seed (Backlog)
- SERVER-68714 NaN issues in secure random number generator in mongo shell (Closed)
- SERVER-68715 NaN issues in Check/Wait pid in mongoshell (Closed)
- SERVER-68716 Fix undefined behavior in mongo::queryable::listDirectory (Closed)
- SERVER-68740 Non-default-seeded hashed indexes not working correctly since 2.6 (Closed)
- SERVER-68781 Check value of hidden maxChunkSizeBytes (Closed)
- SERVER-68836 Properly handle NaN and 0 in for LDAPTimeoutMS (Closed)
- SERVER-68838 Explicitly check for NaN when setting log verbosities (Closed)
- SERVER-68842 Passing in w: NaN for write concern is interpreted as w: 0 (Closed)
- SERVER-68920 Haystack geoSearch accepts NaN for 'limit' and 'maxDistance' (Closed)
- SERVER-68922 $natural parser should be stricter (reject NaN, etc) (Closed)
- SERVER-69008 Narrowing conversion of size parameter for cloneCollectionAsCapped (Closed)
- SERVER-69009 Narrowing conversion of timestamp components in mozjs valuewriter (Closed)
- SERVER-69036 Cluster dbStats command rounds prematurely (Closed)
- SERVER-68741 Remove code handling the non-default seed for hashed indexes (Closed)
- SERVER-68705 Refactor BSONElement API to avoid unsafe implicit type conversion (Backlog)
- SERVER-68720 Safely parse minWireVersion and maxWireVersion in initWireVersion (Closed)