Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.8.0, 4.4.2, 4.2.11, 4.0.21, 3.6.21
Affects Version/s: None
Component/s: None
Labels:

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.4, v4.2, v4.0, v3.6

Wrapper object use after free

A use after free bug would occur if the internal pointer is used. An internal pointer of a wrapper object remains available after the object is freed
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:46: WRAPPER_ESCAPE 114987 Calling "back" which extracts wrapped state from "this->_ids".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:46: WRAPPER_ESCAPE 114987 Assigning: "id" = "this->_ids.back()".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:47: WRAPPER_ESCAPE 114987 Calling "pop_back" invalidates the internal representation of "this->_ids".
/src/mongo/db/pipeline/document_source_list_local_sessions.cpp:49: WRAPPER_ESCAPE 114987 Using invalidated internal representation of "this->_ids".

is related to

SERVER-49363 Triage Coverity Issues for Query code base

Closed

Assignee:: Arun Banala

Reporter:: Coverity Collector User

Participants:: Arun Banala, Coverity Collector User, Githook User

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: Sep 09 2020 04:12:42 PM UTC

Updated:: Oct 29 2023 10:03:28 PM UTC

Resolved:: Sep 18 2020 07:13:29 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates