Major - P3 There issues were reported by a Coverity scan of the driver code:
16186 Dereference null return value If the function actually returns a null value, a NullPointerException will be thrown. In com.mongodb.ReplicaSetStatus.isMaster(com.mongodb.ServerAddress): Return value of function which returns null is dereferenced without checking (CWE-476) 99028 Missing call to superclass Whatever action the superclass method implements will not occur, if the superclass call is actually required. In com.mongodb.binding.SingleServerBinding$SingleServerBindingConnectionSource.release(): Overrider does not call the superclass method, even though most other overriders do (CWE-573) 99031 Unguarded read The value of the shared data will be determined by the interleaving of thread execution. In com.mongodb.async.client.AbstractSubscription.getRequested(): Thread shared data is accessed without holding an appropriate lock, possibly causing a race condition (CWE-366) 99034 Using invalid iterator A concurrent modification exception may result, the container may be corrupted, or the iterator may return incorrect data. In com.mongodb.connection.MultiServerCluster.removeExtraHosts(com.mongodb.connection.ServerDescription): An iterator is being used after the source container of the iterator is modified (CWE-573) 99036 Dereference null return value If the function actually returns a null value, a NullPointerException will be thrown. In com.mongodb.connection.SaslAuthenticator$1.run(): Return value of function which returns null is dereferenced without checking (CWE-476) 99041 Resource leak The system resource will not be reclaimed and reused, reducing the future availability of the resource. In com.mongodb.connection.ReplyMessage.ReplyMessage(com.mongodb.connection.ResponseBuffers, org.bson.codecs.Decoder, long): Leak of a system resource (CWE-404) 99042 Volatile not atomically updated Some updates to the volatile variable may be lost, depending on the interleaving of thread execution. In com.mongodb.operation.AsyncQueryBatchCursor.AsyncQueryBatchCursor(com.mongodb.connection.QueryResult, int, int, long, org.bson.codecs.Decoder, com.mongodb.binding.AsyncConnectionSource, com.mongodb.connection.AsyncConnection): A volatile variable is updated in a non-atomic manner (CWE-366) 99044 FS: Format string problem In DocTaglet.toString(com.sun.javadoc.Tag[]): This format string include a newline character (\n). (From FindBugs™ description) 102372 Resource leak The system resource will not be reclaimed and reused, reducing the future availability of the resource. In com.mongodb.internal.dns.DnsResolver.resolveAdditionalQueryParametersFromTxtRecords(java.lang.String): Leak of a system resource (CWE-404) 102384 Dereference before null check There may be a null pointer exception, or else the comparison against null is unnecessary. In com.mongodb.connection.CommandMessage.addDocumentWithPayload(org.bson.io.BsonOutput, int): All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476) 102385 Dereference null return value If the function actually returns a null value, a NullPointerException will be thrown. In com.mongodb.connection.BaseCluster.createIncompatibleException(com.mongodb.connection.ClusterDescription): Return value of function which returns null is dereferenced without checking (CWE-476)
- links to