Enforce fillLockerInfo() resource type index bounds

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 6.2.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • ALL
    • Execution Team 2022-09-19

      Illegal address computation

      If this address is later used for bounds checking another pointer before dereferencing, an overrun may occur due to the weak guard. An illegal address is computed, which either precedes a buffer or is more than just-past its end.
      /src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Checking "lockType == mongo::RESOURCE_GLOBAL" implies that "lockType" is 1 on the true branch.
      /src/mongo/db/stats/fill_locker_info.cpp:51: OVERRUN 123188 Assigning: "index" = "(lockType == mongo::RESOURCE_GLOBAL) ? lock.resourceId.getHashId() : (4 + lockType - 1)". The value of "index" may now be up to 2305843009213693951.
      /src/mongo/db/stats/fill_locker_info.cpp:54: OVERRUN 123188 "modeForType[index]" evaluates to an address that is at byte offset 9223372036854775804 of an array of 36 bytes.

            Assignee:
            Haley Connelly
            Reporter:
            Coverity Collector User
            Votes:
            0
            Watchers:
            4
