[ https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paweł Janicki updated THRIFT-3228:
----------------------------------
    Attachment: ConsoleApplication1.cpp

Attached source that exposes the issue.

> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
>                 Key: THRIFT-3228
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.2
>            Reporter: Paweł Janicki
>            Priority: Critical
>         Attachments: ConsoleApplication1.cpp
>
>
> A released memory may be referenced by TAutoOverlapThread in case there
> exists a global instance of TPipeServer or TNamedPipeServer or
> TAutoOverlapThread in compilation module other than
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp
> TPipeServer on listen() instantiates TNamedPipeServer which instantiates
> TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static
> function TOverlappedSubmissionThread::release_instance(). This static
> function refers to global variable "TCriticalSection
> TOverlappedSubmissionThread::instanceGuard_" defined in
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of global variable is undefined across compilation modules it
> may happen that if user defined global variable holding reference to
> TPipeServer, the instanceGuard_ can be freed by CRT before call to
> TPipeServer d-tor, which will reference deleted global variable
> instanceGuard_.
> This is because of incorrect implementation of singleton pattern of
> TOverlappedSubmissionThread.
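The destruction-order hazard described in the report, replayed deterministically in a single file as an added example (it is not Thrift's code and not the attached ConsoleApplication1.cpp). `Guard`, `Client`, `immortal_guard` and `replay` are hypothetical names, and the never-destroyed guard is one common mitigation assumed here, not the fix the project adopted.

```cpp
#include <mutex>
#include <new>

// Hypothetical stand-in for TOverlappedSubmissionThread::instanceGuard_.
struct Guard { std::mutex m; };

// Fragile form: the guard has static storage duration in "another" translation
// unit. Raw storage plus explicit construct/destroy lets this file replay the
// order the runtime may choose across translation units.
alignas(Guard) static unsigned char g_storage[sizeof(Guard)];
static Guard* g_guard = nullptr;
void runtime_constructs_guard() { g_guard = new (g_storage) Guard; }
void runtime_destroys_guard()   { g_guard->~Guard(); g_guard = nullptr; }

// Hardened form: built on first use and intentionally never destroyed, so it
// is still valid while destructors of globals in other modules run.
Guard& immortal_guard() {
    static Guard* g = new Guard;
    return *g;
}

// Models TAutoOverlapThread: its destructor reaches for the shared guard.
struct Client {
    bool hardened;
    bool* touched_dead_guard;
    ~Client() {
        if (hardened) {
            std::lock_guard<std::mutex> lock(immortal_guard().m);
        } else if (g_guard) {
            std::lock_guard<std::mutex> lock(g_guard->m);
        } else {
            // The real code has no such check and would lock destroyed memory.
            *touched_dead_guard = true;
        }
    }
};

// Replays "guard destroyed before the user's global object". Returns true
// if the client's destructor would have referenced the destroyed guard.
bool replay(bool hardened) {
    bool bad = false;
    runtime_constructs_guard();
    {
        Client c{hardened, &bad};
        runtime_destroys_guard();   // runtime tears the guard down first
    }                               // the user's object is destroyed afterwards
    return bad;
}
```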