[SERVER-50193] Coverity analysis defect 116145: Out-of-bounds access Created: 08/Aug/20 Updated: 27/Oct/23 Resolved: 17/Aug/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Querying |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Coverity Collector User | Assignee: | Anton Korshunov |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | coverity, qexec-team | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Sprint: | Query 2020-08-24 |
| Participants: |
| Description |
|
Out-of-bounds access: Memory not owned by this buffer will be accessed, causing memory corruption or incorrect computations. Access of memory past the end of a memory buffer. |
| Comments |
| Comment by Anton Korshunov [ 17/Aug/20 ] |
|
bernard.gorman Correct, for strings <= 7 characters we store it directly in a uint64_t Value, so this code fragment is legit. Marking it as Intentional. |
| Comment by Bernard Gorman [ 15/Aug/20 ] |
|
Coverity is complaining that getSmallStringView returns a char* to the address of the passed uint64_t Value, and then treats that char* as an "array" for the purposes of constructing a debug string - in contrast to e.g. getBigStringView, which directly reinterprets the uint64_t Value as a char*. My assumption is that in the case of TypeTags::StringSmall, the uint64_t Value actually contains a string of <= 7 characters, while for TypeTags::StringBig the uint64_t Value is the address of the string in memory. Passing this over to anton.korshunov to confirm. If this isn't actually a bug, please mark it as Classification: Intentional and Action: Ignore. |
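
Added example, not part of the ticket and not MongoDB source code: a simplified C++ model of the layout the two comments describe, where a TypeTags::StringSmall value keeps up to 7 characters inside the uint64_t itself and a TypeTags::StringBig value holds the address of the string. Only the tag names and the two getter names come from the ticket; makeString, readString, releaseString and kSmallStringMaxLength are hypothetical.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <utility>

// Simplified model for illustration; not MongoDB's source.
enum class TypeTags : uint8_t { StringSmall, StringBig };
using Value = uint64_t;
constexpr std::size_t kSmallStringMaxLength = 7;  // 7 chars + NUL fill the 8 bytes

// Small string: the characters live inside the Value, so the view is its address.
const char* getSmallStringView(const Value& val) {
    return reinterpret_cast<const char*>(&val);
}
// Big string: the Value holds the address of a separate buffer.
const char* getBigStringView(const Value& val) {
    return reinterpret_cast<const char*>(static_cast<uintptr_t>(val));
}

// Hypothetical helper: choose the representation by length.
std::pair<TypeTags, Value> makeString(const std::string& s) {
    if (s.size() <= kSmallStringMaxLength) {
        Value v = 0;  // zero fill leaves a NUL terminator inside the 8 bytes
        std::memcpy(&v, s.data(), s.size());
        return {TypeTags::StringSmall, v};
    }
    char* buf = new char[s.size() + 1];
    std::memcpy(buf, s.c_str(), s.size() + 1);
    return {TypeTags::StringBig, static_cast<Value>(reinterpret_cast<uintptr_t>(buf))};
}

// Hypothetical helper: the tag selects the view; the small read is capped at sizeof(Value).
std::string readString(TypeTags tag, const Value& val) {
    if (tag == TypeTags::StringBig) return std::string(getBigStringView(val));
    const char* p = getSmallStringView(val);
    std::size_t n = sizeof(Value);
    if (const char* nul = static_cast<const char*>(std::memchr(p, '\0', n))) n = nul - p;
    return std::string(p, n);
}
void releaseString(TypeTags tag, const Value& val) { if (tag == TypeTags::StringBig) delete[] getBigStringView(val); }

int main() {
    for (const char* s : {"abc", "1234567", "12345678"}) {  // constructed sample inputs
        auto tv = makeString(s);
        std::cout << (tv.first == TypeTags::StringSmall ? "small " : "big ") << readString(tv.first, tv.second) << "\n";
        releaseString(tv.first, tv.second);
    }
}
```

In this model the small-string read stays in bounds only because the writer zero-fills the value and never stores more than 7 characters; a static analyzer sees just a char* into an 8-byte object, which is the pattern the report flags.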