Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.8.0, 4.4.2, 4.2.11, 4.0.21, 3.6.21
Affects Version/s: None
Component/s: None
Labels:

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.4, v4.2, v4.0, v3.6
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Wrapper object use after free

A use after free bug would occur if the internal pointer is used. An internal pointer of a wrapper object remains available after the object is freed
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:46: WRAPPER_ESCAPE 114987 Calling "back" which extracts wrapped state from "this->_ids".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:46: WRAPPER_ESCAPE 114987 Assigning: "id" = "this->_ids.back()".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:47: WRAPPER_ESCAPE 114987 Calling "pop_back" invalidates the internal representation of "this->_ids".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:49: WRAPPER_ESCAPE 114987 Using invalidated internal representation of "this->_ids".

is related to

SERVER-49363 Triage Coverity Issues for Query code base

Closed

Assignee:: Arun Banala
Reporter:: Coverity Collector User
Participants:: Arun Banala, Coverity Collector User, Githook User
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Sep 09 2020 04:12:42 PM UTC
Updated:: Oct 29 2023 10:03:28 PM UTC
Resolved:: Sep 18 2020 07:13:29 AM UTC

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates