[SERVER-28839] Coverity analysis defect 101168: Wrapper object use after free Created: 18/Apr/17  Updated: 08/Jan/24  Resolved: 28/Jun/17

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: None
Fix Version/s: 3.5.10

Type: Bug Priority: Major - P3
Reporter: Coverity Collector User Assignee: Andrew Morrow (Inactive)
Resolution: Fixed Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2017-07-10
Participants:

 Description   

An internal pointer of a wrapper object remains available after the object is freed

Defect 101168 (STATIC_C)
Checker WRAPPER_ESCAPE (subcategory none)
File: /src/mongo/scripting/mozjs/proxyscope.cpp
Function mongo::mozjs::MozJSProxyScope::implThread(void *)
/src/mongo/scripting/mozjs/proxyscope.cpp, line: 336
The internal representation of local "scope" escapes into "proxy->_implScope", but is destroyed when it exits scope.

            proxy->_implScope = scope.get();



 Comments   
Comment by Githook User [ 28/Jun/17 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: SERVER-28839 Unbind the impl from the proxy before terminating the thread
Branch: master
https://github.com/mongodb/mongo/commit/b5aea02f2d5eed1e75cfde8cf5c7fb5f87bd4f7f

Generated at Thu Feb 08 04:19:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.