[CDRIVER-4698] Coverity analysis defect 133796: Remove excess duplicate call Created: 25/Jul/23  Updated: 28/Oct/23  Resolved: 27/Jul/23

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.25.0

Type: Improvement Priority: Minor - P4
Reporter: Coverity Collector User Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-4454 Support the Azure VM-assigned Managed... Closed

 Description   

Double free

Depending on the implementation of the deallocator function, the memory may be placed on the free list more than once. Memory is deallocated more than once.
/src/libmongoc/src/mongoc/mcd-azure.c:209: USE_AFTER_FREE 133796 Calling "_mongoc_http_response_cleanup" frees pointer "resp.body" which has already been freed.



 Comments   
Comment by Githook User [ 25/Jul/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4698 remove excess duplicate call (#1357)

This is not a bug. The duplicate call to `_mongoc_http_response_cleanup` does not currently result in a double free.
Nonetheless, the duplicate call may result in a double free if the implementation of `_mongoc_http_send` changes in the future.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/7c49ae2cc62c6c5dafd7e65bc89e0cecc6f47cc7

Comment by Kevin Albertson [ 25/Jul/23 ]

This issue was flagged by Coverity as a possible "Double free". But I expect the duplicate call to _mongoc_http_response_cleanup does not result in a double free.

_mongoc_http_send zeroes the output res. Fields in res are set at the end of the call when success is guaranteed.

Nonetheless, removing the duplicate call to _mongoc_http_response_cleanup seems like an improvement. If future changes result in _mongoc_http_send possibly failing after setting fields in res, this may result in a double free.
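
The reasoning in the comment above, as an added example that is not part of the ticket or the driver's source: a small C model of a failing request followed by one or two cleanup calls. `response_t`, `send_model`, `cleanup_model`, `tracked_free` and `count_double_frees` are hypothetical stand-ins, and the model assumes that the duplicate cleanup sits on the failure path and that cleanup does not reset `body` after releasing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's response struct. */
typedef struct { char *body; } response_t;

static void *owned;       /* the single allocation made per scenario */
static int released;      /* has `owned` been released already? */
static int double_frees;  /* repeated releases that were caught */

/* Bookkeeping deallocator: counts a second release instead of performing it. */
static void tracked_free(void *p) {
    if (!p) return;                       /* like free(NULL): a no-op */
    if (released) { double_frees++; return; }
    released = 1;                         /* real free() is in count_double_frees */
}

/* Models a request that fails. The output is zeroed first. With early_set == 0
 * fields are assigned only once success is guaranteed, so a failure leaves res
 * zeroed; early_set == 1 models a future change that assigns them sooner. */
static int send_model(response_t *res, int early_set) {
    memset(res, 0, sizeof *res);
    owned = malloc(16);
    if (!owned) abort();
    released = 0;
    if (early_set) { res->body = owned; return 0; }  /* fails after setting a field */
    tracked_free(owned);                             /* fails before touching res */
    return 0;
}

/* Assumed cleanup behaviour: releases body but leaves the pointer dangling. */
static void cleanup_model(response_t *res) { tracked_free(res->body); }

/* Runs the failure path with the given number of cleanup calls and returns
 * how many double frees would have occurred. */
int count_double_frees(int early_set, int cleanup_calls) {
    response_t res;
    double_frees = 0;
    if (!send_model(&res, early_set))
        for (int i = 0; i < cleanup_calls; i++) cleanup_model(&res);
    free(owned);                                     /* the one real release */
    return double_frees;
}

int main(void) {
    printf("current send, 2 cleanups: %d\n", count_double_frees(0, 2));
    printf("changed send, 2 cleanups: %d\n", count_double_frees(1, 2));
    printf("changed send, 1 cleanup:  %d\n", count_double_frees(1, 1));
    return 0;
}
```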

Comment by PM Bot [ 25/Jul/23 ]

Hi xgen-internal-coverity, thank you for reporting this issue! The team will look into it and get back to you soon.

Comment by Coverity Collector User [ 25/Jul/23 ]

A new defect has been detected and assigned to kevin.albertson@mongodb.com in Coverity Connect.
http://coverity.mongodb.com/query/defects.htm?project=C+Driver&cid=133796
The defect was flagged by checker USE_AFTER_FREE in
file /src/libmongoc/src/mongoc/mcd-azure.c
function mcd_azure_access_token_from_imds
and this ticket was created by kevin.albertson@mongodb.com

Generated at Wed Feb 07 21:21:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.