Skip to content

CDRIVER-5681 Address potential buffer overflow when writing null terminator after decimal128 significand digits #1719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 10, 2024
Merged

CDRIVER-5681 Address potential buffer overflow when writing null terminator after decimal128 significand digits #1719

merged 8 commits into from
Sep 10, 2024

Conversation

eramongodb
Copy link
Contributor

Resolves CDRIVER-5681. See ticket for details.

@eramongodb eramongodb requested a review from kevinAlbs September 5, 2024 15:54
@eramongodb eramongodb self-assigned this Sep 5, 2024
@eramongodb eramongodb changed the title CDRIVER-5681 Address off-by-one when writing null terminator after decimal128 significand digits CDRIVER-5681 Address potential buffer overflow when writing null terminator after decimal128 significand digits Sep 5, 2024
kevinAlbs
kevinAlbs approved these changes Sep 5, 2024
View reviewed changes
Copy link
Collaborator

@kevinAlbs kevinAlbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch. LGTM.

Suggest adding a regression test, in case bson_decimal128_to_string is modified again in the future.

eramongodb
eramongodb commented Sep 6, 2024
View reviewed changes
src/libbson/tests/test-decimal128.c Outdated
Comment on lines 138 to 142
// 0.0000010384593717069655257060992658440191
DECIMAL128_FROM_ULLS (untruncated_significand, 0x2ff1ffffffffffff, 0xffffffffffffffff);

// -0.000001038459371706965525706099265844019
DECIMAL128_FROM_ULLS (truncated_significand, 0xaff1ffffffffffff, 0xffffffffffffffff);
Copy link
Contributor Author

@eramongodb eramongodb Sep 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After much effort trying (and failing) to craft a human-readable/easily-understandable test case for this bug, it is now unclear to me whether this "significand truncation" behavior is even the correct behavior to begin with. I am having great difficulty finding any detailed specification or reference for the decimal128 (BID) -> string conversion algorithm against which the results can be compared. Nevertheless, I added an untruncated_significand test case to hopefully make clear how the inclusion of the negative sign leads to the omission of the trailing 1 digit at the end due to length limitations.

@eramongodb
Copy link
Contributor Author

Added annotations for values where inexact rounding errors may occur when attempting to convert the string representation to a Decimal128 value. On that note, added missing assertions of the return value of bson_decimal128_from_string*() and converted BSON_ASSERT -> ASSERT for better error messages on assertion failure.

vector-of-bool
vector-of-bool approved these changes Sep 10, 2024
View reviewed changes
Copy link
Contributor

@vector-of-bool vector-of-bool left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eramongodb eramongodb merged commit 8a85033 into mongodb:master Sep 10, 2024
39 of 48 checks passed
@eramongodb eramongodb deleted the cdriver-5681 branch September 10, 2024 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevinAlbs kevinAlbs kevinAlbs approved these changes

@vector-of-bool vector-of-bool vector-of-bool approved these changes

Assignees

@eramongodb eramongodb

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eramongodb @kevinAlbs @vector-of-bool