Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28838

Coverity analysis defect 101169: Wrapper object use after free

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Sharding
    • Fully Compatible
    • ALL
    • Sharding 2017-05-08

      An internal pointer of a wrapper object remains available after the object is freed

      Defect 101169 (STATIC_C)
      Checker WRAPPER_ESCAPE (subcategory none)
      File: /src/mongo/db/s/collection_range_deleter.cpp
      Function mongo::CollectionRangeDeleter::run()
      /src/mongo/db/s/collection_range_deleter.cpp, line: 78
      Assigning: "opCtx" = "mongo::ServiceContext::UniqueOperationContext(mongo::cc()->makeOperationContext(boost::optional<mongo::LogicalSessionId>(_INTERNAL_28_collection_range_deleter_cpp_8cd910ce::boost::none))).get()", which extracts wrapped state from temporary of type "mongo::ServiceContext::UniqueOperationContext".

              auto opCtx = cc().makeOperationContext().get();
      

      /src/mongo/db/s/collection_range_deleter.cpp, line: 78
      The internal representation of temporary of type "mongo::ServiceContext::UniqueOperationContext" is freed by its destructor.

              auto opCtx = cc().makeOperationContext().get();
      

      /src/mongo/db/s/collection_range_deleter.cpp, line: 81
      Using internal representation of destroyed object local "opCtx".

              bool hasNextRangeToClean = cleanupNextRange(opCtx, maxToDelete);
      

            Assignee:
            nathan.myers Nathan Myers
            Reporter:
            xgen-internal-coverity Coverity Collector User
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: