[SERVER-40142] Coverity analysis defect 112101: Double free
Created: 14/Mar/19  Updated: 29/Oct/23  Resolved: 22/Mar/19

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 4.1.10

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Mark Benvenuto
Resolution: Fixed
Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2019-03-25
Participants:

 Description   

Memory is deallocated more than once

Defect 112101 (STATIC_C)
Checker USE_AFTER_FREE (subcategory double_free)
File: /src/mongo/db/ftdc/block_compressor.cpp
Function mongo::BlockCompressor::compress(mongo::ConstDataRange)
/src/mongo/db/ftdc/block_compressor.cpp, line: 67
"deflateEnd" frees "stream.state". [Note: The source code implementation of the function has been overridden by a builtin model.]

            (void)deflateEnd(&stream);

/src/mongo/db/ftdc/block_compressor.cpp, line: 74
Calling "deflateEnd" frees pointer "stream.state" which has already been freed. [Note: The source code implementation of the function has been overridden by a builtin model.]

        err = deflateEnd(&stream);



 Comments   
Comment by Githook User [ 22/Mar/19 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-40142 Coverity analysis defect 112101: Double free
Branch: master
https://github.com/mongodb/mongo/commit/add02fb371a56a7802c31b643df5fd0c716f04c1

Comment by Eric Milkie [ 14/Mar/19 ]

Is calling deflateEnd() twice on the same stream legal?
Also I don't understand why we ignore the return status of the first call to deflateEnd() but check the return status of the second call. I guess we are never expecting deflate() to return Z_OK normally?
