[SERVER-21641] Coverity analysis defect 76766: Out-of-bounds access Created: 23/Nov/15  Updated: 29/Nov/15  Resolved: 25/Nov/15

Status: Closed
Project: Core Server
Component/s: WiredTiger
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Coverity Collector User Assignee: Keith Bostic (Inactive)
Resolution: Done Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-21686 WiredTiger changes for 3.2.0-rc5 Closed
Related
is related to WT-2234 Coverity #1339897 and #1339898 Closed
Operating System: ALL
Participants:

 Description   

Out-of-bounds access to a buffer

Defect 76766 (STATIC_C)
Checker OVERRUN (subcategory none)
File: /src/third_party/wiredtiger/src/cursor/cur_join.c
Function __curjoin_entry_iter_init
/src/third_party/wiredtiger/src/cursor/cur_join.c, line: 40
Assigning: "config" = "&def_cfg[0]". "config" now points to element 0 of "def_cfg" (which consists of 2 8-byte elements).

    		config = &def_cfg[0];



 Comments   
Comment by Githook User [ 25/Nov/15 ]

Author:

{u'username': u'keithbostic', u'name': u'Keith Bostic', u'email': u'keith@wiredtiger.com'}

Message: Revert "SERVER-21641. Resolve Coverity complaint."

This reverts commit c9907c6289d81d79266f4e2ccd34c84c6bf19783.
Branch: develop
https://github.com/wiredtiger/wiredtiger/commit/1e094eeee8e353e93bf800ae4f897449b72adece

Comment by Githook User [ 25/Nov/15 ]

Author:

{u'username': u'ddanderson', u'name': u'Don Anderson', u'email': u'dda@ddanderson.com'}

Message: SERVER-21641. Resolve Coverity complaint.
Presumably __wt_config_gets_def's (conditional) reference of cfg[2] means
that cfg strings are de facto required to have at least 3 entries.
Branch: develop
https://github.com/wiredtiger/wiredtiger/commit/c9907c6289d81d79266f4e2ccd34c84c6bf19783

Comment by Keith Bostic (Inactive) [ 25/Nov/15 ]

xgen-internal-coverity, this defect is a false positive. Coverity doesn't like code that looks like this:

const char *cfg[] = { "xxx", NULL };
 
if (cfg == NULL || cfg[0] == NULL || cfg[1] == NULL)
        return (0);
                
if (cfg[2] == NULL) {
        WT_RET_NOTFOUND_OK(
            __wt_config_getones(session, cfg[1], key, value));
        return (0);
}

Coverity complains that cfg[2] is an out-of-bounds access, and unfortunately, WiredTiger uses this construct all over the place.

If there were some way to rewrite this so Coverity would quit complaining, that would be great.

Generated at Thu Feb 08 03:57:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.