BewareMyPower commented on issue #550:
URL: 
https://github.com/apache/pulsar-client-cpp/issues/550#issuecomment-4036312770

   After applying the following patch that extends the lifetime of `socket_`:
   
   ```diff
   diff --git a/lib/ClientConnection.cc b/lib/ClientConnection.cc
   index 0a850ed..228c668 100644
   --- a/lib/ClientConnection.cc
   +++ b/lib/ClientConnection.cc
   @@ -642,12 +642,19 @@ void ClientConnection::handleResolve(ASIO_ERROR err, 
const tcp::resolver::result
            ptr->connectTimeoutTask_->stop();
        });
        connectTimeoutTask_->start();
   -    ASIO::async_connect(*socket_, results, [weakSelf](const ASIO_ERROR& 
err, const tcp::endpoint& endpoint) {
   -        auto self = weakSelf.lock();
   -        if (self) {
   -            self->handleTcpConnected(err, endpoint);
   -        }
   -    });
   +    // Capture socket_ by value (shared_ptr) to ensure the socket object 
stays alive for
   +    // the entire duration of async_connect. ASIO's range_connect_op holds 
a raw reference
   +    // to the socket and calls socket.close() between endpoint retry 
attempts; if
   +    // ClientConnection is destroyed (dropping the socket_ shared_ptr) 
before those
   +    // internal calls complete, that results in a use-after-free crash.
   +    auto socket = socket_;
   +    ASIO::async_connect(*socket_, results,
   +                        [weakSelf, socket](const ASIO_ERROR& err, const 
tcp::endpoint& endpoint) {
   +                            auto self = weakSelf.lock();
   +                            if (self) {
   +                                self->handleTcpConnected(err, endpoint);
   +                            }
   +                        });
    }
   
    void ClientConnection::readNextCommand() {
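Review bot: The new comment above `auto socket = socket_;` promises more than the capture delivers, because holding `socket` in the completion handler keeps the socket object allocated but does not serialize access to it. ASIO socket objects are not safe for concurrent use, so a `close()` issued from another thread while `range_connect_op` closes the socket between endpoint attempts is still a data race on the socket's internal state. If any close path for `socket_` can run off the I/O thread (the timeout callback set up at the top of this hunk or a connection close, neither fully visible here), it should be routed through the socket's executor, for example `ASIO::post(socket->get_executor(), [socket] { ASIO_ERROR ec; socket->close(ec); });`. The call should also pass `*socket` rather than `*socket_` so the operation and the handler provably refer to the same object, and the comment should say that the capture covers lifetime only. `handleResolve` begins outside this hunk, so the timeout callback's threading is inferred rather than confirmed.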
   ```
   
   The stack trace becomes:
   
   ```
   * thread #2, stop reason = EXC_BAD_ACCESS (code=1, address=0x98)
       frame #0: 0x0000000100081180 
pulsar-tests`asio::detail::kqueue_reactor::deregister_descriptor(this=0x000000013e81bda0,
 descriptor=8, descriptor_data=0x0000600003b891b0, closing=true) at 
kqueue_reactor.ipp:335:25
      332
      333         mutex::scoped_lock descriptor_lock(descriptor_data->mutex_);
      334
   -> 335         if (!descriptor_data->shutdown_)
      336         {
      337           if (closing)
      338           {
   Target 0: (pulsar-tests) stopped.
   (lldb) bt
   * thread #2, stop reason = EXC_BAD_ACCESS (code=1, address=0x98)
     * frame #0: 0x0000000100081180 
pulsar-tests`asio::detail::kqueue_reactor::deregister_descriptor(this=0x000000013e81bda0,
 descriptor=8, descriptor_data=0x0000600003b891b0, closing=true) at 
kqueue_reactor.ipp:335:25
       frame #1: 0x000000010008258c 
pulsar-tests`asio::detail::reactive_socket_service_base::close(this=0x0000600000a913a8,
 impl=0x0000600003b891a8, ec=0x000000016fe86690) at 
reactive_socket_service_base.ipp:109:14
       frame #2: 0x00000001005affc8 
pulsar-tests`asio::basic_socket<asio::ip::tcp, 
asio::any_io_executor>::close(this=0x0000600003b891a0, ec=0x000000016fe86690) 
at basic_socket.hpp:541:25
       frame #3: 0x00000001005f3fa8 pulsar-tests`void 
asio::detail::range_connect_op<asio::ip::tcp, asio::any_io_executor, 
asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> 
const&)::$_1>::process<asio::ip::basic_resolver_iterator<asio::ip::tcp>>(this=0x000000016fe867d0,
 ec=(__val_ = 89, __cat_ = 0x00000001019f8078), start=0, 
begin=basic_resolver_iterator<asio::ip::tcp> @ 0x000000016fe866f8, 
end=basic_resolver_iterator<asio::ip::tcp> @ 0x000000016fe866e0) at 
connect.hpp:370:21
       frame #4: 0x00000001005f3ca0 
pulsar-tests`asio::detail::range_connect_op<asio::ip::tcp, 
asio::any_io_executor, asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> 
const&)::$_1>::operator()(this=0x000000016fe867d0, ec=(__val_ = 89, __cat_ = 
0x00000001019f8078), start=0) at connect.hpp:347:13
       frame #5: 0x00000001005f53d4 
pulsar-tests`asio::detail::binder1<asio::detail::range_connect_op<asio::ip::tcp,
 asio::any_io_executor, asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> const&)::$_1>, 
std::__1::error_code>::operator()(this=0x000000016fe867d0) at 
bind_handler.hpp:114:5
       frame #6: 0x00000001005f5234 pulsar-tests`void 
asio::detail::handler_work<asio::detail::range_connect_op<asio::ip::tcp, 
asio::any_io_executor, asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> const&)::$_1>, 
asio::any_io_executor, 
void>::complete<asio::detail::binder1<asio::detail::range_connect_op<asio::ip::tcp,
 asio::any_io_executor, asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> const&)::$_1>, 
std::__1::error_code>>(this=0x000000016fe86870, function=0x000000016fe867d0, 
handler=0x000000016fe867d0) at handler_work.hpp:469:7
       frame #7: 0x00000001005f4f3c 
pulsar-tests`asio::detail::reactive_socket_connect_op<asio::detail::range_connect_op<asio::ip::tcp,
 asio::any_io_executor, asio::ip::basic_resolver_results<asio::ip::tcp>, 
asio::detail::default_connect_condition, 
pulsar::ClientConnection::handleResolve(std::__1::error_code, 
asio::ip::basic_resolver_results<asio::ip::tcp> const&)::$_1>, 
asio::any_io_executor>::do_complete(owner=0x000000013e81bc80, 
base=0x0000600002694000, (null)=0x000000016fe86ae8, (null)=0) at 
reactive_socket_connect_op.hpp:114:9
       frame #8: 0x00000001000673c8 
pulsar-tests`asio::detail::scheduler_operation::complete(this=0x0000600002694000,
 owner=0x000000013e81bc80, ec=0x000000016fe86ae8, bytes_transferred=0) at 
scheduler_operation.hpp:39:5
       frame #9: 0x0000000100066ce8 
pulsar-tests`asio::detail::scheduler::do_run_one(this=0x000000013e81bc80, 
lock=0x000000016fe869c8, this_thread=0x000000016fe86a00, ec=0x000000016fe86ae8) 
at scheduler.ipp:492:12
       frame #10: 0x0000000100066950 
pulsar-tests`asio::detail::scheduler::run(this=0x000000013e81bc80, 
ec=0x000000016fe86ae8) at scheduler.ipp:209:10
       frame #11: 0x000000010078b3cc 
pulsar-tests`asio::io_context::run(this=0x0000600002a901a8) at 
io_context.ipp:63:24
       frame #12: 0x000000010078aeb0 
pulsar-tests`pulsar::ExecutorService::start()::$_0::operator()(this=0x0000600001f93c08)
 const at ExecutorService.cc:39:29
   ```

