dragonls opened a new pull request, #537:
URL: https://github.com/apache/pulsar-client-cpp/pull/537
Fixes #536
### Motivation
A use-after-free crash occurs in
`MultiTopicsConsumerImpl::getBrokerConsumerStatsAsync()` when the underlying
connection is closed while an asynchronous consumer stats request is pending.
The root cause has two aspects:
1. **Reference capture of stack variables**: The lambda captures local
variables (`latchPtr`, `statsPtr`, `i`) by reference. If the callback is
invoked after the function returns, these references become dangling.
2. **Direct `this` capture in lambda**: Both the outer and inner lambdas
capture `this` directly. Although there's a `weakSelf.lock()` check, the actual
function call `handleGetConsumerStats(...)` is invoked through the captured
`this` pointer (implicit `this->handleGetConsumerStats(...)`), **not through
`self->`**. When `ClientConnection::close()` calls `setFailed()` on pending
promises, it synchronously triggers the registered callbacks, potentially
causing use-after-free if the `MultiTopicsConsumerImpl` has been destroyed.
### Modifications
1. **Use `shared_ptr<atomic>` for index**: Replace stack variable `size_t i`
with `std::shared_ptr<std::atomic<size_t>>` for thread-safe indexing and proper
lifetime management.
2. **Create `weakSelf` outside lambdas**: Move `weak_from_this()` call
outside to avoid capturing `this` in the outer lambda.
3. **Remove `this` capture from all lambdas**: Neither the outer nor inner
lambda captures `this` anymore.
4. **Call member function through `self->`**: Change
`handleGetConsumerStats(...)` to `self->handleGetConsumerStats(...)` to ensure
the call goes through the `shared_ptr`, not the raw `this` pointer.
### Verifying this change
- [ ] Make sure that the change passes the CI checks.
*(Please pick either of the following options)*
This change is a trivial rework / code cleanup without any test coverage.
The crash scenario is difficult to reproduce in unit tests as it requires
precise timing of connection closure during async operations. However, the fix
follows the standard C++ weak_ptr/shared_ptr pattern for preventing
use-after-free in asynchronous callbacks.
### Documentation
- [ ] `doc-required`
(Your PR needs to update docs and you will update later)
- [x] `doc-not-needed`
(Please explain why)
- [ ] `doc`
(Your PR contains doc changes)
- [ ] `doc-complete`
(Docs have been already added)
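
The capture pattern listed under Modifications, as an added example that is not code from this pull request or from pulsar-client-cpp. `PendingRequest`, `Aggregator`, `handle` and `completionsDelivered` are hypothetical stand-ins, and `fail()` invokes the callback synchronously, as the description says `setFailed()` does on connection close.

```cpp
#include <atomic>
#include <cstddef>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical pending promise: fail() runs the registered callback synchronously.
struct PendingRequest {
    std::function<void(int)> callback;
    void fail() { if (callback) callback(-1); }
};

// Hypothetical multi-consumer that fans one stats request out per child.
class Aggregator : public std::enable_shared_from_this<Aggregator> {
  public:
    explicit Aggregator(std::atomic<int>& handled) : handled_(handled) {}
    void requestStats(std::vector<PendingRequest>& children) {
        // Heap-allocated shared state, captured by value, outlives this frame.
        auto index = std::make_shared<std::atomic<std::size_t>>(0);
        auto results = std::make_shared<std::vector<int>>(children.size(), 0);
        // The PR uses weak_from_this() (C++17); this form also builds as C++11.
        std::weak_ptr<Aggregator> weakSelf = shared_from_this();
        for (auto& child : children) {
            std::size_t slot = index->fetch_add(1);
            // No `this` in the capture list: lock() is the only route to the object.
            child.callback = [weakSelf, results, slot](int result) {
                auto self = weakSelf.lock();
                if (!self) return;  // owner destroyed: drop the completion
                self->handle(result, results, slot);
            };
        }
    }
  private:
    void handle(int result, const std::shared_ptr<std::vector<int>>& results, std::size_t slot) {
        (*results)[slot] = result;
        ++handled_;
    }
    std::atomic<int>& handled_;
};

// Completions that reach the handler when every pending request is failed after registration.
int completionsDelivered(bool ownerAliveAtClose) {
    std::atomic<int> handled{0};
    std::vector<PendingRequest> children(3);
    auto owner = std::make_shared<Aggregator>(handled);
    owner->requestStats(children);
    if (!ownerAliveAtClose) owner.reset();  // owner freed while requests are pending
    for (auto& child : children) child.fail();
    return handled.load();
}
```

Building with `-fsanitize=address` and replacing the capture list with `[this, results, slot]` plus a direct `handle(...)` call makes the destroyed-owner case report a heap-use-after-free, which is the defect the description attributes to the original lambdas.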