Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-50521

Dereference of null pointer in spatial_modify make_nodelist

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 7.1.0
    • 7.0.0, 7.0.1, 7.0.2
    • storage-engine, view-engine
    • None
    • Untriaged
    • 1
    • Unknown

    Description

      Flagged by clang-scan the following code sets r to null, not what r points to.

      static nodelist *make_nodelist(arena* a, size_t bufsize)
      		 
      {
      		 
          nodelist *r = (nodelist *) arena_alloc(a, sizeof(nodelist) + bufsize);
      		 
          if (r == nullptr) {
      		 
              return nullptr;
      		 
          }
      		 
          r = {};  <--- r is now null
      		 
          r->data.size = bufsize; <--- deref null
      		 
          r->data.buf = ((char *) r) + (sizeof(nodelist));
      		 
          return r;
      		 
      }

      Code should be

      *r = {};

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MB-45044 Workaround / fix GCC Bug 55917 - Impossible to find/debug unhandled exceptions in an std::thread

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          For Gerrit Dashboard: MB-50521
          # Subject Branch Project Status CR V
          169212,2 MB-50521: Fix deference of nullptr in spatial_modify.cc make_nodelist master couchstore Status: MERGED +2 +1

          Activity

            People

              jwalker Jim Walker
              jwalker Jim Walker
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty