diff options
| author | Adam Cooper <adam.cooper@mongodb.com> | 2019-10-25 23:05:50 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2019-10-25 23:05:50 +0000 |
| commit | 2d650759fa1fd27ed93646bbdf3a9aa51650e997 (patch) | |
| tree | f994f20f040a4a14ee6476c09943461de7e1f684 /src/mongo | |
| parent | 75e89cb9cb05c3717ef9929694ec2cbe0873db90 (diff) | |
| download | mongo-2d650759fa1fd27ed93646bbdf3a9aa51650e997.tar.gz | |
SERVER-44064 Perform explicit cast on MessageCompressorManager parameter
Diffstat (limited to 'src/mongo')
| -rw-r--r-- | src/mongo/transport/message_compressor_manager.cpp | 5 | ||||
| -rw-r--r-- | src/mongo/transport/message_compressor_manager_test.cpp | 20 |
2 files changed, 24 insertions, 1 deletions
diff --git a/src/mongo/transport/message_compressor_manager.cpp b/src/mongo/transport/message_compressor_manager.cpp index 0ccd856ad23..5f0c5cb4d23 100644 --- a/src/mongo/transport/message_compressor_manager.cpp +++ b/src/mongo/transport/message_compressor_manager.cpp @@ -158,7 +158,10 @@ StatusWith<Message> MessageCompressorManager::decompressMessage(const Message& m return {ErrorCodes::BadValue, "Decompressed message would be negative in size"}; } - size_t bufferSize = compressionHeader.uncompressedSize + MsgData::MsgDataHeaderSize; + // Explicitly promote `uncompressedSize` to a 64-bit integer before addition in order to + // avoid potential overflow. + size_t bufferSize = + static_cast<size_t>(compressionHeader.uncompressedSize) + MsgData::MsgDataHeaderSize; if (bufferSize > MaxMessageSizeBytes) { return {ErrorCodes::BadValue, "Decompressed message would be larger than maximum message size"}; diff --git a/src/mongo/transport/message_compressor_manager_test.cpp b/src/mongo/transport/message_compressor_manager_test.cpp index ffffebb0c2b..e0c58b44d63 100644 --- a/src/mongo/transport/message_compressor_manager_test.cpp +++ b/src/mongo/transport/message_compressor_manager_test.cpp @@ -343,6 +343,26 @@ TEST(MessageCompressorManager, MessageSizeTooLarge) { ASSERT_NOT_OK(status); } +TEST(MessageCompressorManager, MessageSizeMax32Bit) { + auto registry = buildRegistry(); + MessageCompressorManager compManager(®istry); + + auto badMessageBuffer = SharedBuffer::allocate(128); + MsgData::View badMessage(badMessageBuffer.get()); + badMessage.setId(1); + badMessage.setResponseToMsgId(0); + badMessage.setOperation(dbCompressed); + badMessage.setLen(128); + + DataRangeCursor cursor(badMessage.data(), badMessage.data() + badMessage.dataLen()); + cursor.writeAndAdvance<LittleEndian<int32_t>>(dbQuery); + cursor.writeAndAdvance<LittleEndian<int32_t>>(std::numeric_limits<int32_t>::max()); + cursor.writeAndAdvance<LittleEndian<uint8_t>>(registry.getCompressor("noop")->getId()); + + auto status = compManager.decompressMessage(Message(badMessageBuffer), nullptr).getStatus(); + ASSERT_NOT_OK(status); +} + TEST(MessageCompressorManager, MessageSizeTooSmall) { auto registry = buildRegistry(); MessageCompressorManager compManager(®istry); |