<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:26:08 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-11562] Coverity analysis defect 15708: update.cpp, Dereference after null check</title>
                <link>https://jira.mongodb.org/browse/SERVER-11562</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;A new defect has been detected and assigned to acm in Coverity Connect &lt;a href=&quot;http://coverity.mongodb.com//sourcebrowser.htm?projectId=10001#mergedDefectId=15708&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://coverity.mongodb.com//sourcebrowser.htm?projectId=10001#mergedDefectId=15708&lt;/a&gt; &lt;br/&gt;
              The defect was flagged by checker FORWARD_NULL in &lt;br/&gt;
                    file /src/mongo/db/ops/update.cpp &lt;br/&gt;
                    function mongo::update(const mongo::UpdateRequest &amp;amp;, mongo::OpDebug *, mongo::UpdateDriver *) &lt;br/&gt;
              and this ticket was created by matt.kangas@10gen.com &lt;/p&gt;</description>
                <environment></environment>
        <key id="97049">SERVER-11562</key>
            <summary>Coverity analysis defect 15708: update.cpp, Dereference after null check</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="andrew.morrow@mongodb.com">Andrew Morrow</assignee>
                                    <reporter username="auto">auto</reporter>
                        <labels>
                            <label>coverity</label>
                    </labels>
                <created>Mon, 4 Nov 2013 21:22:16 +0000</created>
                <updated>Wed, 10 Dec 2014 23:18:51 +0000</updated>
                            <resolved>Tue, 12 Nov 2013 00:48:16 +0000</resolved>
                                                                    <component>Testing Infrastructure</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="454796" author="acm" created="Tue, 12 Nov 2013 00:48:16 +0000"  >&lt;p&gt;Asya has changed the coverity settings to prune branches based on dasserts, which seems to have made this false positive go away. Marking as resolved.&lt;/p&gt;</comment>
                            <comment id="454297" author="acm" created="Mon, 11 Nov 2013 12:45:03 +0000"  >&lt;p&gt;Asya -&lt;/p&gt;

&lt;p&gt;If coverity is doing some level of inter-procedural analysis, it may be the case that it is able to prove that the same conditions that give rise to a NULL collection pointer prevent entering the loop body, even without an explicit dassert in this file.&lt;/p&gt;</comment>
                            <comment id="454184" author="acm" created="Sun, 10 Nov 2013 23:29:31 +0000"  >&lt;p&gt;For 2.2 and 2.4, you want &lt;tt&gt;&amp;#45;&amp;#45;dd&lt;/tt&gt;, not &lt;tt&gt;&amp;#45;&amp;#45;d&lt;/tt&gt;.&lt;br/&gt;
For 2.5: you want &lt;tt&gt;&amp;#45;&amp;#45;dbg=on&lt;/tt&gt; or &lt;tt&gt;&amp;#45;&amp;#45;dd&lt;/tt&gt;. We have deprecated &lt;tt&gt;&amp;#45;&amp;#45;dd&lt;/tt&gt; in 2.5.&lt;/p&gt;</comment>
                            <comment id="454182" author="asya" created="Sun, 10 Nov 2013 23:14:06 +0000"  >&lt;p&gt;Ok, this is interesting.   I just built mongo master with _DEBUG via &quot;--dbg on&quot; flag and two defects disappeared as a result.  This deref after null check was one of them - though I don&apos;t see any dasserts in the code.   I need to look at the two that went away and the 6 new ones that were flagged as a result before setting this live.&lt;/p&gt;

&lt;p&gt;Just to confirm - my understanding is that -d option should work both with master and 2.2 and 2.4 to turn on _DEBUG?&lt;/p&gt;</comment>
                            <comment id="453430" author="acm" created="Fri, 8 Nov 2013 02:53:44 +0000"  >&lt;p&gt;I agree about avoiding littering source code annotations everywhere to the extent possible. I&apos;m curious though why we don&apos;t do the coverity build with _DEBUG. For its part, the clang static analysis tool explicitly recommends building in debug mode exactly so that debug assertions can be used to prune paths that are known by the programmer to be impossible.&lt;/p&gt;

&lt;p&gt;I really think a dassert(collection != NULL) right at the beginning of the loop would be cleanest: this is one of those cases where dassert is, to my mind, justified, since it is our belief that a NULL &apos;collection&apos; pointer is a logical impossibility in the loop, and the dassert could trip only if the surrounding code was changed in some invalid fashion.&lt;/p&gt;

&lt;p&gt;I definitely wouldn&apos;t want to put an all the time assertion here: this is a hot path and we know that it can&apos;t be null.&lt;/p&gt;

&lt;p&gt;Can we consider having coverity run in the equivalent of --dbg=on mode?&lt;/p&gt;
</comment>
                            <comment id="453342" author="asya" created="Thu, 7 Nov 2013 23:50:16 +0000"  >&lt;p&gt;There are several ways this can be done.   I prefer not to use source code annotations if possible, and marking this False Positive in Coverity UI will take care of not flagging it again.   However, if you feel that there are other places that might be flagged because of the same &quot;root&quot; cause, then you can add an assert which guarantees that collection is not null at that point - our analysis is configured to understand our asserts, but dassert is a tricky one as we don&apos;t build with _DEBUG by default for Coverity analysis.&lt;/p&gt;

&lt;p&gt;I could add configuration which undefs dassert so that I can define it as a regular assert, that may clean up a bunch of other FPs, or it might introduce new ones.  &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.mongodb.org/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                            <comment id="452940" author="acm" created="Thu, 7 Nov 2013 14:51:42 +0000"  >&lt;p&gt;After Eliot&apos;s latest commit here, we believe that this is a false positive. The body of the loop where collection is dereferenced will never be entered if the collection is null, since the runner will not return RUNNER_ADVANCED if the collection does not exist.&lt;/p&gt;

&lt;p&gt;However, coverity is correct that this is not obvious from the flow of control within this function.&lt;/p&gt;

&lt;p&gt;We should probably add a coverity annotation (and a dassert?) inside the loop body that declares that &apos;collection&apos; cannot be NULL.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=asya&quot; class=&quot;user-hover&quot; rel=&quot;asya&quot;&gt;asya&lt;/a&gt; Do you have some information on how to write coverity annotations?&lt;/p&gt;</comment>
                            <comment id="451196" author="acm" created="Mon, 4 Nov 2013 21:40:16 +0000"  >&lt;p&gt;Actually, looks like the relevant lines are these:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo/blob/b42d0215a515a7851bee818595bc67c2e9a955c5/src/mongo/db/ops/update.cpp#L126&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/b42d0215a515a7851bee818595bc67c2e9a955c5/src/mongo/db/ops/update.cpp#L126&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;and&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo/blob/b42d0215a515a7851bee818595bc67c2e9a955c5/src/mongo/db/ops/update.cpp#L131-L132&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/b42d0215a515a7851bee818595bc67c2e9a955c5/src/mongo/db/ops/update.cpp#L131-L132&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Coverity is seeing these and saying &quot;OK, you think &apos;collection&apos; might be NULL, but then you pass it to theDataFileMgr.updateRecord, which dereferences it.&lt;/p&gt;

&lt;p&gt;The line that is capturing &apos;collection&apos; and not checking to see if it was NULL was added in this commit by Eliot: &lt;a href=&quot;https://github.com/mongodb/mongo/commit/f3e324f10697bd4f0c9bdebced4a1e69d91cdd89&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/f3e324f10697bd4f0c9bdebced4a1e69d91cdd89&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If, in fact, the return value of &apos;getCollection&apos; can be NULL, then the code should change to deal with that outcome. If getCollection cannot return NULL, then the check for it being NULL before calling refreshIndexKeys should be removed, and Coverity will no longer interpret the existence of that check as implying that getCollection can return NULL, which should placate it.&lt;/p&gt;


</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 4 Nov 2013 21:26:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 14 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 14 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andrew.morrow@mongodb.com</customfieldvalue>
            <customfieldvalue>asya.kamsky@mongodb.com</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrm8bb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrtzlb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>88899</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsp60v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>