You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2011/07/27 00:03:10 UTC

[jira] [Created] (CASSANDRA-2951) FreeableMemory can be accessed after it is invalid

FreeableMemory can be accessed after it is invalid
--------------------------------------------------

                 Key: CASSANDRA-2951
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
             Project: Cassandra
          Issue Type: Bug
          Components: Core
    Affects Versions: 0.8.0
            Reporter: Jonathan Ellis
            Assignee: Jonathan Ellis
            Priority: Minor
             Fix For: 0.8.3
         Attachments: 2951.txt

SerializingCache.get looks like this:

{code}
    public V get(Object key)
    {
        FreeableMemory mem = map.get(key);
        if (mem == null)
            return null;
        return deserialize(mem);
    }
{code}

If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed after it is invalid

Posted by "Sylvain Lebresne (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13071813#comment-13071813 ] 

Sylvain Lebresne commented on CASSANDRA-2951:
---------------------------------------------

I think there is a race between eviction and remove (or two removes even), so that the references can be < 0. So I think the '== 0' in reference() and finalize() (but not unreference() obviously) should become '<= 0'.

With that corrected, looks good. +1.

> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
>                 Key: CASSANDRA-2951
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.8.0
>            Reporter: Jonathan Ellis
>            Assignee: Jonathan Ellis
>            Priority: Minor
>             Fix For: 0.8.3
>
>         Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
>     public V get(Object key)
>     {
>         FreeableMemory mem = map.get(key);
>         if (mem == null)
>             return null;
>         return deserialize(mem);
>     }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed after it is invalid

Posted by "Hudson (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072018#comment-13072018 ] 

Hudson commented on CASSANDRA-2951:
-----------------------------------

Integrated in Cassandra #978 (See [https://builds.apache.org/job/Cassandra/978/])
    fix potential use of free'd native memory interface/SerializingCache
patch by jbellis; reviewed by slebresne for CASSANDRA-2951

jbellis : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1151625
Files : 
* /cassandra/trunk/src/java/org/apache/cassandra/cache/FreeableMemory.java
* /cassandra/trunk/src/java/org/apache/cassandra/cache/SerializingCache.java
* /cassandra/trunk/CHANGES.txt


> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
>                 Key: CASSANDRA-2951
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.8.0
>            Reporter: Jonathan Ellis
>            Assignee: Jonathan Ellis
>            Priority: Minor
>             Fix For: 0.8.3
>
>         Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
>     public V get(Object key)
>     {
>         FreeableMemory mem = map.get(key);
>         if (mem == null)
>             return null;
>         return deserialize(mem);
>     }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CASSANDRA-2951) FreeableMemory can be accessed after it is invalid

Posted by "Sylvain Lebresne (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072228#comment-13072228 ] 

Sylvain Lebresne commented on CASSANDRA-2951:
---------------------------------------------

You forgot to use <= 0 in finalize in you commit, I took the liberty to change it.

> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
>                 Key: CASSANDRA-2951
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.8.0
>            Reporter: Jonathan Ellis
>            Assignee: Jonathan Ellis
>            Priority: Minor
>             Fix For: 0.8.3
>
>         Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
>     public V get(Object key)
>     {
>         FreeableMemory mem = map.get(key);
>         if (mem == null)
>             return null;
>         return deserialize(mem);
>     }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (CASSANDRA-2951) FreeableMemory can be accessed after it is invalid

Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CASSANDRA-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Ellis updated CASSANDRA-2951:
--------------------------------------

    Attachment: 2951.txt

patch adds reference counting to FreeableMemory

> FreeableMemory can be accessed after it is invalid
> --------------------------------------------------
>
>                 Key: CASSANDRA-2951
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-2951
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.8.0
>            Reporter: Jonathan Ellis
>            Assignee: Jonathan Ellis
>            Priority: Minor
>             Fix For: 0.8.3
>
>         Attachments: 2951.txt
>
>
> SerializingCache.get looks like this:
> {code}
>     public V get(Object key)
>     {
>         FreeableMemory mem = map.get(key);
>         if (mem == null)
>             return null;
>         return deserialize(mem);
>     }
> {code}
> If a cache object is evicted or replaced after the get happens, but before deserialize completes, we will trigger an assertion failure (if asserts are enabled) or segfault (if they are not).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira