Posted to dev@thrift.apache.org by "Paweł Janicki (JIRA)" <ji...@apache.org> on 2015/07/08 16:03:05 UTC

[jira] [Created] (THRIFT-3228) Fix TAutoOverlapThread may reference released memory

Paweł Janicki created THRIFT-3228:
-------------------------------------

             Summary: Fix TAutoOverlapThread may reference released memory
                 Key: THRIFT-3228
                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
             Project: Thrift
          Issue Type: Bug
          Components: C++ - Library
    Affects Versions: 0.9.2
            Reporter: Paweł Janicki
            Priority: Critical


Released memory may be referenced by TAutoOverlapThread if there exists a global instance of TPipeServer, TNamedPipeServer or TAutoOverlapThread in a compilation module other than src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.

TPipeServer on listen() instantiates TNamedPipeServer, which instantiates TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static function TOverlappedSubmissionThread::release_instance(). This static function refers to the global variable "TCriticalSection TOverlappedSubmissionThread::instanceGuard_" defined in src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.

As the destruction of global variables is undefined across compilation modules, it may happen that if the user defined a global variable holding a reference to TPipeServer, the instanceGuard_ can be freed by the CRT before the call to the TPipeServer d-tor, which will reference the deleted global variable instanceGuard_.

This is because of an incorrect implementation of the singleton pattern of TOverlappedSubmissionThread.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
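
The exit-order hazard described in the report, as an added C++ example that is not Thrift's code and not necessarily the fix the project adopted. `Guard`, `AutoThread`, `g_fragileGuard`, `immortalGuard` and `serverDestructorIsSafe` are hypothetical stand-ins, and the teardown order is replayed explicitly (with a null check in place of the real use-after-free) because the real order across compilation modules cannot be forced in one file.

```cpp
#include <memory>
#include <mutex>

struct Guard { std::mutex m; };  // stand-in for TCriticalSection instanceGuard_

// Pattern from the report: the guard is a global in the library's own .cpp.
// The slot models that global; reset() models the CRT running its destructor.
static std::unique_ptr<Guard> g_fragileGuard;

// One common remedy: create on first use and never delete, so no exit-time
// destructor exists that could run before a user's global server is destroyed.
static Guard& immortalGuard() {
  static Guard* g = new Guard;  // intentionally leaked
  return *g;
}

// Each release function reports whether the guard it needs was still valid.
static bool releaseFragile() {
  if (!g_fragileGuard) return false;  // the real code would lock freed memory here
  std::lock_guard<std::mutex> lock(g_fragileGuard->m);
  return true;
}
static bool releaseImmortal() {
  std::lock_guard<std::mutex> lock(immortalGuard().m);
  return true;
}

// Stand-in for TAutoOverlapThread: its destructor calls the static release.
struct AutoThread {
  bool (*release_)();
  bool* ok_;
  AutoThread(bool (*release)(), bool* ok) : release_(release), ok_(ok) {}
  ~AutoThread() { *ok_ = release_(); }
};

// Replays the exit order from the report: the library's globals are destroyed
// first, then the user's global server (which owns an AutoThread).
bool serverDestructorIsSafe(bool useImmortalGuard) {
  bool ok = false;
  g_fragileGuard.reset(new Guard);                 // library module initialised
  AutoThread* userGlobal = new AutoThread(
      useImmortalGuard ? releaseImmortal : releaseFragile, &ok);
  g_fragileGuard.reset();                          // CRT destroys library globals
  delete userGlobal;                               // user's global d-tor runs last
  return ok;
}
```

A function-local static object (rather than a leaked pointer) would not be enough here: it is constructed on first use inside listen(), after the user's global, so it would still be destroyed before that global's d-tor runs.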