Posted to dev@thrift.apache.org by "James E. King, III (JIRA)" <ji...@apache.org> on 2016/06/14 21:04:30 UTC

[jira] [Commented] (THRIFT-3228) Fix TAutoOverlapThread may reference released memory

    [ https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15330593#comment-15330593 ] 

James E. King, III commented on THRIFT-3228:
--------------------------------------------

Does the priority of critical still make sense for this particular defect with respect to other defects labeled as such?
Would it be possible to submit a pull request in GitHub for the fix?

> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
>                 Key: THRIFT-3228
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.2
>            Reporter: Paweł Janicki
>            Priority: Critical
>         Attachments: 0001-THRIFT-3228.-cpp-Fix-TAutoOverlapThread-may-referenc.patch, ConsoleApplication1.cpp
>
>
> Released memory may be referenced by TAutoOverlapThread in case there exists a global instance of TPipeServer or TNamedPipeServer or TAutoOverlapThread in a compilation module other than src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> TPipeServer on listen() instantiates TNamedPipeServer, which instantiates TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static function TOverlappedSubmissionThread::release_instance(). This static function refers to the global variable "TCriticalSection TOverlappedSubmissionThread::instanceGuard_" defined in src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of global variables is undefined across compilation modules, it may happen that if the user defined a global variable holding a reference to
> TPipeServer, the instanceGuard_ can be freed by the CRT before the call to the TPipeServer d-tor, which will reference the deleted global variable instanceGuard_.
> This is because of an incorrect implementation of the singleton pattern of TOverlappedSubmissionThread.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
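
The ordering described in the report, replayed as an added example (not Thrift's code and not the attached patch): a user object built before the library's guard is destroyed after it, so its destructor finds the guard gone, while a guard built on first use and never deleted stays valid. `Guard`, `AutoThread`, `leaked_guard` and the counters are hypothetical stand-ins; block-scope locals are used because a single file cannot reproduce cross-module destruction order.

```cpp
#include <cstdio>

// Lifetime flags are plain bools with no destructor, so reading them during
// teardown is always valid (unlike touching the destroyed guard itself).
static bool g_global_guard_alive = false;
static bool g_leaked_guard_alive = false;

struct Guard {  // hypothetical stand-in for the instanceGuard_ critical section
  bool* alive;
  explicit Guard(bool* flag) : alive(flag) { *alive = true; }
  ~Guard() { *alive = false; }
};

// Remedy shown here: build the guard on first use, on the heap, never delete it.
static Guard& leaked_guard() {
  static Guard* g = new Guard(&g_leaked_guard_alive);
  return *g;
}

struct AutoThread {  // hypothetical stand-in for TAutoOverlapThread
  const bool* guard_alive;
  int* stale_uses;
  AutoThread(const bool* alive, int* stale) : guard_alive(alive), stale_uses(stale) {}
  // Models release_instance(): counts a use of an already destroyed guard.
  ~AutoThread() { if (!*guard_alive) ++*stale_uses; }
};

// Locals die in reverse declaration order, replaying the case where the
// user's object is built before the library's guard and destroyed after it.
int stale_uses_with_global_guard() {
  int stale = 0;
  {
    AutoThread user_object(&g_global_guard_alive, &stale);
    Guard instance_guard(&g_global_guard_alive);
  }
  return stale;
}

int stale_uses_with_leaked_guard() {
  int stale = 0;
  {
    AutoThread user_object(&g_leaked_guard_alive, &stale);
    (void)leaked_guard();
  }
  return stale;
}

int main() {
  std::printf("global guard: %d stale use(s)\n", stale_uses_with_global_guard());
  std::printf("leaked guard: %d stale use(s)\n", stale_uses_with_leaked_guard());
}
```

A function-local static `Guard` held by value would not help here: it would be constructed after the user's object and therefore destroyed before it.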