Posted to dev@thrift.apache.org by "Paweł Janicki (JIRA)" <ji...@apache.org> on 2015/07/08 16:03:05 UTC
[jira] [Created] (THRIFT-3228) Fix TAutoOverlapThread may reference released memory
Paweł Janicki created THRIFT-3228:
-------------------------------------
Summary: Fix TAutoOverlapThread may reference released memory
Key: THRIFT-3228
URL: https://issues.apache.org/jira/browse/THRIFT-3228
Project: Thrift
Issue Type: Bug
Components: C++ - Library
Affects Versions: 0.9.2
Reporter: Paweł Janicki
Priority: Critical
Released memory may be referenced by TAutoOverlapThread in case there exists a global instance of TPipeServer or TNamedPipeServer or TAutoOverlapThread in a compilation module other than src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
TPipeServer on listen() instantiates TNamedPipeServer, which instantiates TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static function TOverlappedSubmissionThread::release_instance(). This static function refers to the global variable "TCriticalSection TOverlappedSubmissionThread::instanceGuard_" defined in src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
As the d-tion of global variables is undefined across compilation modules, it may happen that if the user defined a global variable holding a reference to TPipeServer, the instanceGuard_ can be freed by the CRT before the call to the TPipeServer d-tor, which will reference the deleted global variable instanceGuard_.
This is because of incorrect implementation of singleton pattern of TOverlappedSubmissionThread.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
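
The teardown order described in this report, replayed as an added C++ example (not Thrift code and not the change made in the project). Guard, Server, leaked_guard and replay_teardown are hypothetical stand-ins, and std::mutex replaces TCriticalSection so the model builds off Windows; it contrasts a guard with static lifetime against a construct-on-first-use guard that is never destroyed.

```cpp
#include <memory>
#include <mutex>

// Constructed model, not Thrift code. Guard stands in for
// TOverlappedSubmissionThread::instanceGuard_ (a TCriticalSection).
struct Guard {
    std::mutex mtx;
    bool* alive;                                  // liveness flag kept outside the object
    explicit Guard(bool* a) : alive(a) { if (alive) *alive = true; }
    ~Guard() { if (alive) *alive = false; }
};

static bool g_static_guard_alive = false;
// Variant A (as reported): guard with static lifetime. Held in a unique_ptr
// only so replay_teardown() can destroy it at a chosen moment.
static std::unique_ptr<Guard> g_static_guard;

// Variant B: construct on first use and never destroy, so the guard
// outlives every static d-tor in every compilation module.
Guard& leaked_guard() {
    static Guard* g = new Guard(nullptr);         // intentionally never deleted
    return *g;
}

enum class Outcome { Ok, UseAfterRelease };

// Stands in for release_instance(), which locks the guard.
Outcome release_instance(bool use_leaked) {
    if (use_leaked) {
        std::lock_guard<std::mutex> lock(leaked_guard().mtx);
        return Outcome::Ok;
    }
    if (!g_static_guard_alive)                    // real code would touch freed memory here
        return Outcome::UseAfterRelease;
    std::lock_guard<std::mutex> lock(g_static_guard->mtx);
    return Outcome::Ok;
}

struct Server {                                   // stands in for a user's global TPipeServer
    bool use_leaked; Outcome* out;
    ~Server() { *out = release_instance(use_leaked); }
};

// Replays the unlucky order: the guard is destroyed before the user's global.
Outcome replay_teardown(bool use_leaked) {
    Outcome out = Outcome::Ok;
    g_static_guard.reset(new Guard(&g_static_guard_alive));
    {
        Server server{use_leaked, &out};
        g_static_guard.reset();                   // CRT destroys instanceGuard_ first
    }                                             // then ~Server calls release_instance()
    return out;
}
```

The leaked guard trades a one-time allocation that is never freed for immunity to cross-module destruction order; leak checkers may need a suppression for it.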