My understanding is that coverity is seeing this block to learn that args.deletedDoc can be null:
```cpp
if (args.deletedDoc && !oplogEntry.getNeedsRetryImage()) {
    // If we have a deletedDoc preImage and we're not writing it to
    // `config.image_collection`, instead write it to the oplog.
    deletedDocForOplog = {*(args.deletedDoc)};
}
```

However the dereference here does not also check whether the pointer is null:
```cpp
if (oplogEntry.getNeedsRetryImage()) {
    writeToImageCollection(opCtx,
                           *opCtx->getLogicalSessionId(),
                           opTime.writeOpTime.getTimestamp(),
                           repl::RetryImageEnum::kPreImage,
                           *(args.deletedDoc));
}
```

The flaw in coverity's logic is that args.deletedDoc is dependent on oplogEntry.getNeedsRetryImage. We can add an invariant(args.deletedDoc); (which would presumably satisfy coverity) inside the previous `then` block, but that was intentionally omitted. It was deemed redundant with the fact that the nullptr dereference would also (appropriately) crash the system.