<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:21:40 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-4698] Coverity analysis defect 133796: Remove excess duplicate call</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-4698</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Double free&lt;/p&gt;

&lt;p&gt; Depending on the implementation of the deallocator function, the memory may by placed on the free list more than once. Memory is deallocated more than once&lt;br/&gt;
/src/libmongoc/src/mongoc/mcd-azure.c:209: USE_AFTER_FREE 133796 Calling &quot;_mongoc_http_response_cleanup&quot; frees pointer &quot;resp.body&quot; which has already been freed.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2400008">CDRIVER-4698</key>
            <summary>Coverity analysis defect 133796: Remove excess duplicate call</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="xgen-internal-coverity">Coverity Collector User</reporter>
                        <labels>
                    </labels>
                <created>Tue, 25 Jul 2023 12:47:35 +0000</created>
                <updated>Sat, 28 Oct 2023 11:27:47 +0000</updated>
                            <resolved>Thu, 27 Jul 2023 19:07:11 +0000</resolved>
                                                    <fixVersion>1.25.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="5590890" author="xgen-internal-githook" created="Tue, 25 Jul 2023 19:19:07 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4698&quot; title=&quot;Coverity analysis defect 133796: Remove excess duplicate call&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4698&quot;&gt;&lt;del&gt;CDRIVER-4698&lt;/del&gt;&lt;/a&gt; remove excess duplicate call (#1357)&lt;/p&gt;

&lt;p&gt;This is not a bug. The duplicate call to `_mongoc_http_response_cleanup` does not currently result in a double free.&lt;br/&gt;
Nonetheless, the duplicate call may result in a double free if the implementation of `_mongoc_http_send` changes in the future.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/7c49ae2cc62c6c5dafd7e65bc89e0cecc6f47cc7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/7c49ae2cc62c6c5dafd7e65bc89e0cecc6f47cc7&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5589327" author="kevin.albertson" created="Tue, 25 Jul 2023 12:59:55 +0000"  >&lt;p&gt;This issue was flagged by Coverity as a possible &quot;Double free&quot;. But I expect the duplicate call to &lt;tt&gt;_mongoc_http_response_cleanup&lt;/tt&gt; does not result in a double free.&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;_mongoc_http_send&lt;/tt&gt; &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/blob/ba5ab6de26a874d33b0abc3d2b46961a69380e7a/src/libmongoc/src/mongoc/mongoc-http.c#L121&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;zeroes the output &lt;tt&gt;res&lt;/tt&gt;&lt;/a&gt;. Fields in &lt;tt&gt;res&lt;/tt&gt; are &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/blob/ba5ab6de26a874d33b0abc3d2b46961a69380e7a/src/libmongoc/src/mongoc/mongoc-http.c#L306-L321&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;set at the end&lt;/a&gt; of the call when success is guaranteed.&lt;/p&gt;

&lt;p&gt;Nonetheless, removing the duplicate call to &lt;tt&gt;_mongoc_http_response_cleanup&lt;/tt&gt; seems like an improvement. If future changes result in &lt;tt&gt;_mongoc_http_send&lt;/tt&gt; possibly failing after setting fields in &lt;tt&gt;res&lt;/tt&gt;, this may result in a double free.&lt;/p&gt;</comment>
                            <comment id="5589307" author="dbeng-pm-bot" created="Tue, 25 Jul 2023 12:47:38 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=xgen-internal-coverity&quot; class=&quot;user-hover&quot; rel=&quot;xgen-internal-coverity&quot;&gt;xgen-internal-coverity&lt;/a&gt;, thank you for reporting this issue! The team will look into it and get back to you soon. &lt;/p&gt;</comment>
                            <comment id="5589306" author="xgen-internal-coverity" created="Tue, 25 Jul 2023 12:47:37 +0000"  >&lt;p&gt;A new defect has been detected and assigned to kevin.albertson@mongodb.com in Coverity Connect.&lt;br/&gt;
              &lt;a href=&quot;http://coverity.mongodb.com/query/defects.htm?project=C+Driver&amp;amp;cid=133796&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://coverity.mongodb.com/query/defects.htm?project=C+Driver&amp;amp;cid=133796&lt;/a&gt; &lt;br/&gt;
              The defect was flagged by checker USE_AFTER_FREE in &lt;br/&gt;
                    file /src/libmongoc/src/mongoc/mcd-azure.c &lt;br/&gt;
                    function mcd_azure_access_token_from_imds &lt;br/&gt;
              and this ticket was created by kevin.albertson@mongodb.com &lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="2111896">CDRIVER-4454</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i21fv4:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>