[SERVER-37379] Coverity analysis defect 105058: Dereference after null check Created: 28/Sep/18  Updated: 27/Oct/23  Resolved: 12/Apr/21

Status: Closed
Project: Core Server
Component/s: Aggregation Framework
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Coverity Collector User Assignee: Backlog - Query Execution
Resolution: Gone away Votes: 0
Labels: coverity, neweng, query-44-grooming
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Query Execution
Participants:

 Description   

Pointer is checked against null but then dereferenced anyway

Defect 105058 (STATIC_C)
Checker FORWARD_NULL (subcategory none)
File: /src/mongo/db/pipeline/pipeline_d.cpp
Function mongo::PipelineD::prepareExecutor(mongo::OperationContext *, mongo::Collection *, const mongo::NamespaceString &, mongo::Pipeline *, const boost::intrusive_ptr<mongo::ExpressionContext> &, bool, const boost::intrusive_ptr<mongo::DocumentSourceSort> &, std::unique_ptr<mongo::GroupFromFirstDocumentTransformation, std::default_delete<mongo::GroupFromFirstDocumentTransformation>>, const mongo::DepsTracker &, const mongo::BSONObj &, const mongo::AggregationRequest *, const unsigned long long &, mongo::BSONObj *, mongo::BSONObj *)
/src/mongo/db/pipeline/pipeline_d.cpp, line: 554
Comparing "sortObj" to null implies that "sortObj" might be null.

            auto swExecutorGrouped = attemptToGetExecutor(opCtx,

File: /src/mongo/db/pipeline/pipeline_d.cpp
Function mongo::PipelineD::prepareExecutor(mongo::OperationContext *, mongo::Collection *, const mongo::NamespaceString &, mongo::Pipeline *, const boost::intrusive_ptr<mongo::ExpressionContext> &, bool, const boost::intrusive_ptr<mongo::DocumentSourceSort> &, std::unique_ptr<mongo::GroupFromFirstDocumentTransformation, std::default_delete<mongo::GroupFromFirstDocumentTransformation>>, const mongo::DepsTracker &, const mongo::BSONObj &, const mongo::AggregationRequest *, const unsigned long long &, mongo::BSONObj *, mongo::BSONObj *)
/src/mongo/db/pipeline/pipeline_d.cpp, line: 554
Comparing "sortObj" to null implies that "sortObj" might be null.

            auto swExecutorGrouped = attemptToGetExecutor(opCtx,



 Comments   
Comment by Justin Seyster [ 01/Oct/18 ]

I guess that before my change, PipelineD::prepareExecutor() would assume that sortObj and sortStage are either both NULL or both not NULL, so we only ever needed a check on sortStage. Now, the code includes checks for each, and Coverity is rightly noting that we don't explicitly encode our assumptions about sortObj and sortStage anywhere.

Perhaps an invariant at the start of this if block (invariant(sortObj)) would improve clarity and silence this warning.

Comment by David Storch [ 01/Oct/18 ]

justin.seyster, Coverity likely picked this up due to your recent changes for SERVER-9507. A quick glance suggests that it could be a false positive. Can you take a look and put this back into "Needs Scheduling" when you have a conclusion about whether this should be fixed?

Generated at Thu Feb 08 04:45:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.