[SERVER-54832] [SBE] Coverity analysis defect 117733: Dereference null return value
Created: 26/Feb/21  Updated: 29/Oct/23  Resolved: 05/Mar/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Improvement
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: David Storch
Resolution: Fixed
Votes: 0
Labels: coverity, neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Query Execution 2021-03-22
Participants:

 Description   

Dereference null return value

If the function actually returns a null value, a null pointer dereference will occur. Return value of function which returns null is dereferenced without checking.
/src/mongo/db/query/sbe_stage_builder_index_scan.cpp:691: NULL_RETURNS 117733 Assigning: "descriptor" = "nullptr" return value from "findIndexByName".



 Comments   
Comment by Githook User [ 05/Mar/21 ]

Author: David Storch (dstorch) <david.storch@mongodb.com>

Message: SERVER-54832 make SBE stage builder tassert() that index exists in catalog
Branch: master
https://github.com/mongodb/mongo/commit/a6b5cdc3fa1722ea241a3d1ff9575a82e4a46081

Comment by David Storch [ 05/Mar/21 ]

I think the SBE stage builder can safely assume that findIndexByName() should return a non-null descriptor. I will propose an improvement for this ticket which checks this explicitly with a tassert() as Kyle suggests.

Comment by Kyle Suarez [ 26/Feb/21 ]

The actual implementation of findIndexByName() can legitimately return nullptr. Even if we think that case "shouldn't happen", we should make that explicit with an invariant that descriptor is non-null.
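
The defect pattern and the explicit check discussed in this ticket, as an added example that is not code from the MongoDB source tree or from the linked commit. IndexCatalog, IndexDescriptor, assertOrThrow(), the two indexVersion functions and the error code are hypothetical stand-ins; the assertion is modelled as a thrown exception and is not MongoDB's tassert().

```cpp
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical stand-ins; these are not MongoDB's real types or signatures.
struct IndexDescriptor {
    std::string name;
    int version;
};

class IndexCatalog {
public:
    void add(const IndexDescriptor& d) { _indexes[d.name] = d; }

    // Like the function in the report, returns nullptr when no index matches.
    const IndexDescriptor* findIndexByName(const std::string& name) const {
        auto it = _indexes.find(name);
        return it == _indexes.end() ? nullptr : &it->second;
    }

private:
    std::map<std::string, IndexDescriptor> _indexes;
};

// Stand-in for an assertion macro: fails the operation with an identifiable
// error instead of letting execution reach the dereference.
struct AssertionFailure : std::runtime_error {
    int code;
    AssertionFailure(int c, const std::string& msg) : std::runtime_error(msg), code(c) {}
};

inline void assertOrThrow(int code, const std::string& msg, bool cond) {
    if (!cond) throw AssertionFailure(code, msg);
}

// Flagged pattern (NULL_RETURNS): undefined behaviour when the index is missing.
int indexVersionUnchecked(const IndexCatalog& catalog, const std::string& name) {
    const IndexDescriptor* descriptor = catalog.findIndexByName(name);
    return descriptor->version;
}

// Checked pattern: the "cannot happen" assumption is enforced before use.
int indexVersionChecked(const IndexCatalog& catalog, const std::string& name) {
    const IndexDescriptor* descriptor = catalog.findIndexByName(name);
    assertOrThrow(9000001,  // constructed error code
                  "index '" + name + "' not found in catalog", descriptor != nullptr);
    return descriptor->version;
}
```

With the check in place, a missing index surfaces as a catchable, attributable failure at the lookup site rather than as a crash at the first member access.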
