Coverity #1394567: null pointer dereference

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.9, 4.0.2, 4.1.2, WT3.2.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Storage Engines 2018-07-30, Storage Engines 2018-08-13

      Description

      ** CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      /src/log/log.c: 1908 in __log_has_hole()
       
      *** CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      /src/log/log.c: 1908 in __log_has_hole()
      1902                            /*
      1903                             * Find where the next log record starts after the
      1904                             * hole.
      1905                             */
      1906                            for (p = buf, buf_left = rdlen; buf_left > 0;
      1907                                 buf_left -= rdlen, p += rdlen) {
      >>>     CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      >>>     Dereferencing null pointer "log".
      1908                                    rdlen = WT_MIN(log->allocsize, buf_left);
      1909                                    if (memcmp(p, zerobuf, rdlen) != 0)
      1910                                            break;
      1911                            }
      1912                            /*
      1913                             * A presumed log record begins here where the buffer
      

      Donald Anderson, Coverity thinks that because there's a check for log == NULL earlier in the function, there's a risk of a NULL dereference here. The earlier check is:

      /*
       * It can be very slow looking for the last real record in the log
       * in very small chunks.  Walk a megabyte at a time.  If we find a
       * part of the log that is not just zeroes we know this log file
       * has a hole in it.
       */
      buf = zerobuf = NULL;
      if (log == NULL || log->allocsize < WT_MEGABYTE)
              bufsz = WT_MEGABYTE;
      else
              bufsz = log->allocsize;
      

      I'm assuming this is yours since the check was just merged into develop.

      cc: [~alexander.gorrod@mongodb.com]
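
An added example, not part of the ticket or WiredTiger's code: the flagged pattern reduced to a standalone C function, beside a version that resolves the step size once so the loop never dereferences the handle. `struct log_handle`, `SCAN_WINDOW`, `DEFAULT_STEP`, the function names and the sample buffer are assumptions made for illustration; the ticket does not show the fix that was applied.

```c
#include <stddef.h>
#include <stdint.h>

#define SCAN_WINDOW 1024u   /* scaled-down stand-in for the page's WT_MEGABYTE */
#define DEFAULT_STEP 128u   /* assumed step size when there is no log handle */
#define MIN_OF(a, b) ((a) < (b) ? (a) : (b))

struct log_handle { uint32_t allocsize; };  /* hypothetical stand-in type */

/* Constructed sample: a zero-filled hole with one record byte at offset 300. */
const uint8_t sample_buf[512] = { [300] = 0xAB };
const struct log_handle sample_log = { 100 };

static int all_zero(const uint8_t *p, size_t n) {
	while (n-- > 0)
		if (*p++ != 0)
			return 0;
	return 1;
}

/* Flagged shape: log is compared with NULL, then dereferenced unguarded.
 * Only safe to call with log != NULL and log->allocsize != 0. */
size_t next_record_flagged(const struct log_handle *log, const uint8_t *buf, size_t len) {
	size_t bufsz, off, rdlen;
	bufsz = (log == NULL || log->allocsize < SCAN_WINDOW) ? SCAN_WINDOW : log->allocsize;
	len = MIN_OF(len, bufsz);                      /* scan one window */
	for (off = 0; off < len; off += rdlen) {
		rdlen = MIN_OF(log->allocsize, len - off); /* FORWARD_NULL reported here */
		if (!all_zero(buf + off, rdlen))
			break;
	}
	return off;
}

/* Guarded shape: resolve the step once, so the loop never touches log. */
size_t next_record_guarded(const struct log_handle *log, const uint8_t *buf, size_t len) {
	size_t bufsz, off, rdlen, step;
	step = (log == NULL || log->allocsize == 0) ? DEFAULT_STEP : log->allocsize;
	bufsz = step < SCAN_WINDOW ? SCAN_WINDOW : step;
	len = MIN_OF(len, bufsz);
	for (off = 0; off < len; off += rdlen) {
		rdlen = MIN_OF(step, len - off);           /* no dereference in the loop */
		if (!all_zero(buf + off, rdlen))
			break;
	}
	return off;
}
```

Both functions return the offset of the first chunk that is not all zeroes, or the scanned length if none is found; only the guarded one accepts a NULL handle.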

              People

              Assignee:
              donald.anderson Donald Anderson
              Reporter:
              keith.bostic Keith Bostic