[jira] [Commented] (THRIFT-3228) Fix TAutoOverlapThread may reference released memory

Mon, 28 Sep 2015 18:41:59 -0700 

    [ 
https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14934471#comment-14934471
 ] 

Ben Craig commented on THRIFT-3228:
-----------------------------------

There are basically two major options...
1. Break behavioral compatibility and remove the singleton
2. Don't break behavioral compatibility

If you go with option 1. you can also take out the big chunk of 
WaitableNamedPipe code in TPipe.cpp.  It does break some legitimate use cases 
though.
If you go with option 2., your best bet is to deprecate TPipe and make a new 
version.  Maybe that version requires the user to do things similar to the 
TWinsockSingleton, or maybe it doesn't bother with the WaitableNamedPipe 
approach.

> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
>                 Key: THRIFT-3228
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.2
>            Reporter: Paweł Janicki
>            Priority: Critical
>         Attachments: 
> 0001-THRIFT-3228.-cpp-Fix-TAutoOverlapThread-may-referenc.patch, 
> ConsoleApplication1.cpp
>
>
> A released memory may be referenced by TAutoEverlapThread in case there 
> exists a global instance of TPipeServer or TNamedPipeServer or 
> TAutoOverlapThread in compilation module other than 
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp
> TPipeServer on listen() instantiates TNamedPipeServer which instantiates 
> TAutoOverlapThread. The TAutoOverlapThread calls in it's d-tor a static 
> function TOverlappedSubmissionThread::release_instance(). This static 
> functions refers to global variable "TCriticalSection 
> TOverlappedSubmissionThread::instanceGuard_" defined in 
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of globar variable is undefined across compilation modules it 
> may happen that if user defined global variable holding reference to
> TPipeServer, the instanceGuard_ can be freed by CRT before call to 
> TPipeServer d-tor, which will reference deleted global variable 
> instanceGuard_.
> This is because of incorrect implementation of singleton pattern of 
> TOverlappedSubmissionThread.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to