diff options
| author | Adam Cooper <adam.cooper@mongodb.com> | 2019-10-18 15:55:50 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2019-10-18 15:55:50 +0000 |
| commit | ffc6e38bc90750cc639317fc713e7bc4e0bf596e (patch) | |
| tree | 677031f3d7896f1fe2c5380a418af2bce00f7081 /src | |
| parent | 21d3803a7a59644a5191849f150b9d57af383066 (diff) | |
| download | mongo-ffc6e38bc90750cc639317fc713e7bc4e0bf596e.tar.gz | |
SERVER-44064 Perform explicit cast on MessageCompressorManager parameter
Diffstat (limited to 'src')
| -rw-r--r-- | src/mongo/transport/message_compressor_manager.cpp | 5 | ||||
| -rw-r--r-- | src/mongo/transport/message_compressor_manager_test.cpp | 20 |
2 files changed, 24 insertions, 1 deletions
diff --git a/src/mongo/transport/message_compressor_manager.cpp b/src/mongo/transport/message_compressor_manager.cpp index 0ccd856ad23..5f0c5cb4d23 100644 --- a/src/mongo/transport/message_compressor_manager.cpp +++ b/src/mongo/transport/message_compressor_manager.cpp @@ -158,7 +158,10 @@ StatusWith<Message> MessageCompressorManager::decompressMessage(const Message& m return {ErrorCodes::BadValue, "Decompressed message would be negative in size"}; } - size_t bufferSize = compressionHeader.uncompressedSize + MsgData::MsgDataHeaderSize; + // Explicitly promote `uncompressedSize` to a 64-bit integer before addition in order to + // avoid potential overflow. + size_t bufferSize = + static_cast<size_t>(compressionHeader.uncompressedSize) + MsgData::MsgDataHeaderSize; if (bufferSize > MaxMessageSizeBytes) { return {ErrorCodes::BadValue, "Decompressed message would be larger than maximum message size"}; diff --git a/src/mongo/transport/message_compressor_manager_test.cpp b/src/mongo/transport/message_compressor_manager_test.cpp index cc39e7085c4..c5c5f05f8a0 100644 --- a/src/mongo/transport/message_compressor_manager_test.cpp +++ b/src/mongo/transport/message_compressor_manager_test.cpp @@ -343,6 +343,26 @@ TEST(MessageCompressorManager, MessageSizeTooLarge) { ASSERT_NOT_OK(status); } +TEST(MessageCompressorManager, MessageSizeMax32Bit) { + auto registry = buildRegistry(); + MessageCompressorManager compManager(®istry); + + auto badMessageBuffer = SharedBuffer::allocate(128); + MsgData::View badMessage(badMessageBuffer.get()); + badMessage.setId(1); + badMessage.setResponseToMsgId(0); + badMessage.setOperation(dbCompressed); + badMessage.setLen(128); + + DataRangeCursor cursor(badMessage.data(), badMessage.data() + badMessage.dataLen()); + cursor.writeAndAdvance<LittleEndian<int32_t>>(dbQuery); + cursor.writeAndAdvance<LittleEndian<int32_t>>(std::numeric_limits<int32_t>::max()); + cursor.writeAndAdvance<LittleEndian<uint8_t>>(registry.getCompressor("noop")->getId()); + + auto status = compManager.decompressMessage(Message(badMessageBuffer), nullptr).getStatus(); + ASSERT_NOT_OK(status); +} + TEST(MessageCompressorManager, MessageSizeTooSmall) { auto registry = buildRegistry(); MessageCompressorManager compManager(®istry); |