SERVER-44064 Perform explicit cast on MessageCompressorManager parameter

Author: Adam Cooper

src/mongo/transport/message_compressor_manager.cpp

@@ -158,7 +158,10 @@ StatusWith<Message> MessageCompressorManager::decompressMessage(const Message& m
         return {ErrorCodes::BadValue, "Decompressed message would be negative in size"};
     }
 
-    size_t bufferSize = compressionHeader.uncompressedSize + MsgData::MsgDataHeaderSize;
+    // Explicitly promote `uncompressedSize` to a 64-bit integer before addition in order to
+    // avoid potential overflow.
+    size_t bufferSize =
+        static_cast<size_t>(compressionHeader.uncompressedSize) + MsgData::MsgDataHeaderSize;
     if (bufferSize > MaxMessageSizeBytes) {
         return {ErrorCodes::BadValue,
                 "Decompressed message would be larger than maximum message size"};

src/mongo/transport/message_compressor_manager_test.cpp

@@ -343,6 +343,26 @@ TEST(MessageCompressorManager, MessageSizeTooLarge) {
     ASSERT_NOT_OK(status);
 }
 
+TEST(MessageCompressorManager, MessageSizeMax32Bit) {
+    auto registry = buildRegistry();
+    MessageCompressorManager compManager(&registry);
+
+    auto badMessageBuffer = SharedBuffer::allocate(128);
+    MsgData::View badMessage(badMessageBuffer.get());
+    badMessage.setId(1);
+    badMessage.setResponseToMsgId(0);
+    badMessage.setOperation(dbCompressed);
+    badMessage.setLen(128);
+
+    DataRangeCursor cursor(badMessage.data(), badMessage.data() + badMessage.dataLen());
+    cursor.writeAndAdvance<LittleEndian<int32_t>>(dbQuery);
+    cursor.writeAndAdvance<LittleEndian<int32_t>>(std::numeric_limits<int32_t>::max());
+    cursor.writeAndAdvance<LittleEndian<uint8_t>>(registry.getCompressor("noop")->getId());
+
+    auto status = compManager.decompressMessage(Message(badMessageBuffer), nullptr).getStatus();
+    ASSERT_NOT_OK(status);
+}
+
 TEST(MessageCompressorManager, MessageSizeTooSmall) {
     auto registry = buildRegistry();
     MessageCompressorManager compManager(&registry);