[SERVER-28838] Coverity analysis defect 101169: Wrapper object use after free Created: 18/Apr/17  Updated: 29/Jan/18  Resolved: 18/Apr/17

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Coverity Collector User Assignee: Nathan Myers
Resolution: Won't Fix Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-24367 Implement CollectionRangeDeleter task... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Sharding 2017-05-08
Participants:

Description

An internal pointer of a wrapper object remains available after the object is freed

Defect 101169 (STATIC_C)
Checker WRAPPER_ESCAPE (subcategory none)
File: /src/mongo/db/s/collection_range_deleter.cpp
Function mongo::CollectionRangeDeleter::run()
/src/mongo/db/s/collection_range_deleter.cpp, line: 78
Assigning: "opCtx" = "mongo::ServiceContext::UniqueOperationContext(mongo::cc()->makeOperationContext(boost::optional<mongo::LogicalSessionId>(_INTERNAL_28_collection_range_deleter_cpp_8cd910ce::boost::none))).get()", which extracts wrapped state from temporary of type "mongo::ServiceContext::UniqueOperationContext".

        auto opCtx = cc().makeOperationContext().get();

/src/mongo/db/s/collection_range_deleter.cpp, line: 78
The internal representation of temporary of type "mongo::ServiceContext::UniqueOperationContext" is freed by its destructor.

        auto opCtx = cc().makeOperationContext().get();

/src/mongo/db/s/collection_range_deleter.cpp, line: 81
Using internal representation of destroyed object local "opCtx".

        bool hasNextRangeToClean = cleanupNextRange(opCtx, maxToDelete);


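The defect above is the classic "call .get() on a temporary" mistake: the UniqueOperationContext returned by makeOperationContext() is a temporary that is destroyed at the end of the full expression, so the raw pointer stored in opCtx dangles before the next statement runs. The following is an added, self-contained illustration (not MongoDB code). OperationContext, UniqueOperationContext, makeOperationContext() and useOperationContext() are stand-ins assumed for this example; they only count live instances so that the dangling case can be observed without dereferencing freed memory.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>

// Stand-in for mongo::OperationContext (assumed for this example): counts live
// instances so the two patterns below can be compared without touching freed memory.
struct OperationContext {
    static std::size_t liveCount;
    OperationContext() { ++liveCount; }
    ~OperationContext() { --liveCount; }
    OperationContext(const OperationContext&) = delete;
    OperationContext& operator=(const OperationContext&) = delete;
};
std::size_t OperationContext::liveCount = 0;

// Stand-in for ServiceContext::UniqueOperationContext: an owning smart pointer.
using UniqueOperationContext = std::unique_ptr<OperationContext>;

// Stand-in for cc().makeOperationContext(): returns a fresh owning handle by value.
UniqueOperationContext makeOperationContext() {
    return std::make_unique<OperationContext>();
}

// Stand-in for cleanupNextRange(): reports whether the handed-in pointer still
// refers to a live object, judged by the counter, never by dereferencing it.
bool useOperationContext(OperationContext* opCtx) {
    return opCtx != nullptr && OperationContext::liveCount > 0;
}

// The flagged pattern. The UniqueOperationContext temporary lives only until the
// end of this full expression, so opCtx dangles on the very next line.
// Returns the number of live contexts at the point opCtx would be used (0).
std::size_t brokenPattern() {
    auto opCtx = makeOperationContext().get();  // temporary owner destroyed here
    (void)opCtx;  // dangling; deliberately never dereferenced in this example
    return OperationContext::liveCount;
}

// The corrected pattern: keep the owner in a named local so it lives for the
// whole scope, and pass .get() only for the duration of each call.
// Returns true if the callee observed a live context.
bool fixedPattern() {
    auto opCtx = makeOperationContext();  // owner lives until end of scope
    bool alive = useOperationContext(opCtx.get());
    return alive;  // opCtx (and the OperationContext) destroyed here
}

int main() {
    std::cout << "live contexts after broken pattern: " << brokenPattern() << '\n';
    std::cout << "callee saw live context in fixed pattern: "
              << (fixedPattern() ? "yes" : "no") << '\n';
    return 0;
}
```

The rule of thumb this demonstrates: a raw pointer obtained from `.get()` is only valid while the owning smart pointer is alive, so the owner must be bound to a named variable whose scope covers every use of the raw pointer. Coverity's WRAPPER_ESCAPE checker flags exactly the case where the owner is an unnamed temporary.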

Comments
Comment by Eric Milkie [ 18/Apr/17 ]

Can we please delete the code in the master branch then? Even though the code is "never executed", the fact that it isn't obvious just by looking at it (e.g. no comment or #if 0) leaves open the danger of someone copying this code into something that is actually executed.

Comment by Nathan Myers [ 18/Apr/17 ]

The code flagged is never executed in production, and has been replaced in 3.5.

Generated at Thu Feb 08 04:19:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.