You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Ben Craig (JIRA)" <ji...@apache.org> on 2015/07/08 16:12:04 UTC

[jira] [Commented] (THRIFT-3228) Fix TAutoOverlapThread may reference released memory

    [ https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14618636#comment-14618636 ] 

Ben Craig commented on THRIFT-3228:
-----------------------------------

This is a documented limitation.  From TPipe.h:
/**
 * Windows Pipes implementation of the TTransport interface.
 * Don't destroy a TPipe at global scope, as that will cause a thread join
 * during DLLMain.  That also means that client objects using TPipe shouldn't be at global
 * scope.
 */

>From TPipeServer.h
/**
 * Windows Pipes implementation of TServerTransport.
 * Don't destroy a TPipeServer at global scope, as that will cause a thread join
 * during DLLMain.  That also means that TServer's using TPipeServer shouldn't be at global
 * scope.
 */

> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
>                 Key: THRIFT-3228
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.2
>            Reporter: Paweł Janicki
>            Priority: Critical
>         Attachments: ConsoleApplication1.cpp
>
>
> A released memory may be referenced by TAutoEverlapThread in case there exists a global instance of TPipeServer or TNamedPipeServer or TAutoOverlapThread in compilation module other than src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp
> TPipeServer on listen() instantiates TNamedPipeServer which instantiates TAutoOverlapThread. The TAutoOverlapThread calls in it's d-tor a static function TOverlappedSubmissionThread::release_instance(). This static functions refers to global variable "TCriticalSection TOverlappedSubmissionThread::instanceGuard_" defined in src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of globar variable is undefined across compilation modules it may happen that if user defined global variable holding reference to
> TPipeServer, the instanceGuard_ can be freed by CRT before call to TPipeServer d-tor, which will reference deleted global variable instanceGuard_.
> This is because of incorrect implementation of singleton pattern of TOverlappedSubmissionThread.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)