Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-4207

Coverity #1394567: null pointer dereference

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.9, 4.0.2, 4.1.2, WT3.2.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Storage Engines 2018-07-30, Storage Engines 2018-08-13

      ** CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      /src/log/log.c: 1908 in __log_has_hole()
      
      *** CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      /src/log/log.c: 1908 in __log_has_hole()
      1902                            /*
      1903                             * Find where the next log record starts after the
      1904                             * hole.
      1905                             */
      1906                            for (p = buf, buf_left = rdlen; buf_left > 0;
      1907                                 buf_left -= rdlen, p += rdlen) {
      >>>     CID 1394567:  Null pointer dereferences  (FORWARD_NULL)
      >>>     Dereferencing null pointer "log".
      1908                                    rdlen = WT_MIN(log->allocsize, buf_left);
      1909                                    if (memcmp(p, zerobuf, rdlen) != 0)
      1910                                            break;
      1911                            }
      1912                            /*
      1913                             * A presumed log record begins here where the buffer
      

      donald.anderson, Coverity thinks that because there's a check for log == NULL earlier in the function, there's a risk of a NULL dereference here. The earlier check is:

      /*
       * It can be very slow looking for the last real record in the log
       * in very small chunks.  Walk a megabyte at a time.  If we find a
       * part of the log that is not just zeroes we know this log file
       * has a hole in it.
       */
      buf = zerobuf = NULL;
      if (log == NULL || log->allocsize < WT_MEGABYTE)
              bufsz = WT_MEGABYTE;
      else
              bufsz = log->allocsize;
      

      I'm assuming this is yours since the check was just merged into develop.

      cc: alexander.gorrod@mongodb.com

            Assignee:
            donald.anderson@mongodb.com Donald Anderson
            Reporter:
            keith.bostic@mongodb.com Keith Bostic (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: