WiredTiger / WT-14247

Coverity: Read from pointer after free for file handle

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: APIs, Live Restore
    • Storage Engines
    • StorEng - 2025-03-28

      The code below has a bug: if WT_ERR(dest_fh->close(dest_fh, wt_session)) returns an error, dest_fh is freed while dest_closed is false, which causes the code to enter if (!dest_closed && dest_fh != NULL).

          WT_ERR(dest_fh->close(dest_fh, wt_session));
          dest_closed = true;
          WT_ERR(lr_fs->os_file_system->fs_rename(
            lr_fs->os_file_system, wt_session, tmp_dest_path, dest_path, 0));
      
      err:
          if (source_fh != NULL)
              WT_TRET(source_fh->close(source_fh, wt_session));
          if (!dest_closed && dest_fh != NULL)
              WT_TRET(dest_fh->close(dest_fh, wt_session));

       

            Assignee:
            luke.pearson@mongodb.com Luke Pearson
            Reporter:
            zunyi.liu@mongodb.com Zunyi Liu
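A minimal model of the cleanup path described in the ticket, as an added example that is not WiredTiger code. The names `fh_t`, `fh_close`, `finish_buggy`, `finish_fixed` and `stale_uses_for` are hypothetical, release is simulated with a flag so the stale access can be counted without undefined behaviour, and the hardened variant shows one possible approach (clearing the owning pointer before calling close), not the fix applied by the project.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical handle model: "freeing" sets a flag so stale use is countable. */
typedef struct fh {
    bool freed;
    int close_rc; /* value close() reports to the caller */
    int (*close)(struct fh *);
} fh_t;

static int stale_uses; /* accesses to a handle after it was released */

/* As the ticket states: close() releases the handle even when it returns an error. */
static int fh_close(fh_t *fh) {
    if (fh->freed) {
        stale_uses++;
        return -1;
    }
    fh->freed = true;
    return fh->close_rc;
}

/* Pattern from the ticket: dest_closed is set only after a successful close. */
static int finish_buggy(fh_t *dest_fh) {
    bool dest_closed = false;
    int ret = dest_fh->close(dest_fh);
    if (ret != 0)
        goto err;
    dest_closed = true; /* the fs_rename step would follow here */
err:
    if (!dest_closed && dest_fh != NULL)
        (void)dest_fh->close(dest_fh); /* second call on a released handle */
    return ret;
}

/* Hardened: the owning pointer is cleared before close(), whatever it returns. */
static int finish_fixed(fh_t *dest_fh) {
    fh_t *closing = dest_fh;
    dest_fh = NULL;
    int ret = closing->close(closing);
    if (dest_fh != NULL) /* cleanup path has nothing left to close */
        (void)dest_fh->close(dest_fh);
    return ret;
}

/* Run one variant with the given close() result; return the stale-use count. */
static int stale_uses_for(int (*finish)(fh_t *), int close_rc) {
    fh_t h = { false, close_rc, fh_close };
    stale_uses = 0;
    (void)finish(&h);
    return stale_uses;
}
```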