[SERVER-61271] Coverity analysis defect 121112: Dereference before null check
Created: 05/Nov/21
Updated: 29/Oct/23
Resolved: 16/Nov/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.2.0

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Justin Seyster
Resolution: Fixed
Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2021-11-09 at 9.40.50 AM.png    
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: QE 2021-11-15, QE 2021-11-29
Participants:

 Description   

Dereference before null check

There may be a null pointer dereference, or else the comparison against null is unnecessary. All paths that lead to this null pointer comparison already dereference the pointer earlier.
/src/mongo/db/query/sbe_runtime_planner.cpp:123: REVERSE_INULL 121112 Null-checking "candidate" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.



 Comments   
Comment by Githook User [ 15/Nov/21 ]

Author: Justin Seyster <justin.seyster@mongodb.com> (jseyster)

Message: SERVER-61271 Correct return value from executeCandidateTrial
Branch: master
https://github.com/mongodb/mongo/commit/b4507ea9547281e3231bfbe9e123c1473e500ed1

Comment by Rushan Chen [ 09/Nov/21 ]

Looks like this was caught for the brief moment this change was in master:

https://github.com/10gen/mongo/commits/master/src/mongo/db/query/sbe_runtime_planner.cpp

justin.seyster could you please close this Coverity defect accordingly, or if the fix is to be merged again, please make sure an explicit return value is used.

Comment by Kyle Suarez [ 09/Nov/21 ]

Agreed that the return value here is strange. I suppose a non-null pointer will be converted to true but it's better to just return that directly, if that's the intention.

Comment by Eric Milkie [ 05/Nov/21 ]

(This isn't actually a null-check; I think it's just a mistake that we're returning a pointer for a function that returns a bool?)
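Added illustration, not code from the MongoDB source or the linked commit: a minimal C++ sketch of the pattern the comments describe, where a pointer returned from a `bool` function is implicitly converted and reads to a checker as a null check after a dereference. The `Candidate` type, both function names and the meaning of the return value (trial succeeded) are assumptions made for the example.

```cpp
#include <cstddef>
#include <iostream>

// Hypothetical stand-in for a plan candidate; not a MongoDB type.
struct Candidate {
    std::size_t reads = 0;
    bool failed = false;
};

// Flagged shape: `candidate` is dereferenced on every path and then returned
// from a bool function. The implicit pointer-to-bool conversion acts as a
// hidden `candidate != nullptr` test, so a checker sees a null check that
// comes after the dereference. The result is also always true.
bool trialImplicit(Candidate* candidate, std::size_t budget) {
    candidate->reads += 1;
    candidate->failed = candidate->reads > budget;
    return candidate;
}

// Explicit shape: the null case is handled before any dereference and the
// function returns the outcome itself (assumed meaning: trial succeeded).
bool trialExplicit(Candidate* candidate, std::size_t budget) {
    if (candidate == nullptr) {
        return false;
    }
    candidate->reads += 1;
    candidate->failed = candidate->reads > budget;
    return !candidate->failed;
}

int main() {
    Candidate overBudget;  // constructed sample: budget 0 forces a failure
    std::cout << std::boolalpha
              << "implicit: " << trialImplicit(&overBudget, 0) << '\n';
    Candidate again;
    std::cout << "explicit: " << trialExplicit(&again, 0) << '\n';
    return 0;
}
```

The implicit version reports success even though the candidate was marked failed, which is why an explicit return value is the safer form.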
