Limit SmallerIntegerFields to 32-bit values

timgraham · timgraham · commit 1305df5dcade · 2025-08-08T20:02:06.000-04:00
diff --git a/django_mongodb_backend/operations.py b/django_mongodb_backend/operations.py
@@ -248,13 +248,15 @@ def explain_query_prefix(self, format=None, **options):
         return validated_options
 
     def integer_field_range(self, internal_type):
-        # MongODB doesn't enforce any integer constraints, but it supports
-        # integers up to 64 bits.
-        if internal_type in {
-            "PositiveBigIntegerField",
-            "PositiveIntegerField",
-            "PositiveSmallIntegerField",
-        }:
+        # MongoDB doesn't enforce any integer constraints, but the
+        # SmallIntegerFields use "int" for unique constraints which is limited
+        # to 32 bits.
+        if internal_type == "PositiveSmallIntegerField":
+            return (0, 2147483647)
+        if internal_type == "SmallIntegerField":
+            return (-2147483648, 2147483647)
+        # Other fields use "long" which supports up to 64 bits.
+        if internal_type in {"PositiveBigIntegerField", "PositiveIntegerField"}:
             return (0, 9223372036854775807)
         return (-9223372036854775808, 9223372036854775807)
 
diff --git a/docs/source/ref/models/fields.rst b/docs/source/ref/models/fields.rst
@@ -20,6 +20,14 @@ A few notes about some of the other fields:
   (rather than microsecond like most other databases), and correspondingly,
   :class:`~django.db.models.DurationField` stores milliseconds rather than
   microseconds.
+- :class:`~django.db.models.SmallIntegerField` and
+  :class:`~django.db.models.PositiveSmallIntegerField` support 32 bit values
+  (ranges ``(-2147483648, 2147483647)`` and ``(0, 2147483647)``, respectively),
+  validated only by forms and model validation. Be careful because MongoDB
+  doesn't prohibit inserting values outside of the supported range and unique
+  constraints don't work for values outside of the 32-bit range of the BSON
+  ``int`` type.
+
 
 MongoDB-specific model fields
 =============================
diff --git a/docs/source/releases/5.2.x.rst b/docs/source/releases/5.2.x.rst
@@ -20,6 +20,9 @@ New features
 Backwards incompatible changes
 ------------------------------
 
+- :class:`django.db.models.SmallIntegerField` and
+  :class:`django.db.models.PositiveSmallIntegerField` are now limited to 32 bit
+  values in forms and model validation.
 - Removed support for database caching as the MongoDB security team considers the cache
   backend's ``pickle`` encoding of cached values a vulnerability. If an attacker
   compromises the database, they could run arbitrary commands on the application
diff --git a/tests/model_fields_/test_integerfield.py b/tests/model_fields_/test_integerfield.py
@@ -1,3 +1,4 @@
+from django.core.exceptions import ValidationError
 from django.db import IntegrityError
 from django.test import TestCase
 
@@ -30,9 +31,22 @@ def test_unique_min_value(self):
         with self.assertRaises(IntegrityError):
             Integers.objects.create(small=self.min_value)
 
+    def test_validate_max_value(self):
+        Integers(small=self.max_value).full_clean()  # no error
+        msg = "{'small': ['Ensure this value is less than or equal to 2147483647.']"
+        with self.assertRaisesMessage(ValidationError, msg):
+            Integers(small=self.max_value + 1).full_clean()
+
+    def test_validate_min_value(self):
+        Integers(small=self.min_value).full_clean()  # no error
+        msg = "{'small': ['Ensure this value is greater than or equal to -2147483648.']"
+        with self.assertRaisesMessage(ValidationError, msg):
+            Integers(small=self.min_value - 1).full_clean()
+
 
 class PositiveSmallIntegerFieldTests(TestCase):
     max_value = 2**31 - 1
+    min_value = 0
 
     def test_unique_max_value(self):
         """
@@ -47,3 +61,15 @@ def test_unique_max_value(self):
 
     # test_unique_min_value isn't needed since PositiveSmallIntegerField has a
     # limit of zero (enforced only in forms and model validation).
+
+    def test_validate_max_value(self):
+        Integers(positive_small=self.max_value).full_clean()  # no error
+        msg = "{'positive_small': ['Ensure this value is less than or equal to 2147483647.']"
+        with self.assertRaisesMessage(ValidationError, msg):
+            Integers(positive_small=self.max_value + 1).full_clean()
+
+    def test_validate_min_value(self):
+        Integers(positive_small=self.min_value).full_clean()  # no error
+        msg = "{'positive_small': ['Ensure this value is greater than or equal to 0.']"
+        with self.assertRaisesMessage(ValidationError, msg):
+            Integers(positive_small=self.min_value - 1).full_clean()
