[
https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14933855#comment-14933855
]
James E. King, III commented on THRIFT-3228:
--------------------------------------------
[~ben.craig] What's the next action to take here?
> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
> Key: THRIFT-3228
> URL: https://issues.apache.org/jira/browse/THRIFT-3228
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9.2
> Reporter: Paweł Janicki
> Priority: Critical
> Attachments:
> 0001-THRIFT-3228.-cpp-Fix-TAutoOverlapThread-may-referenc.patch,
> ConsoleApplication1.cpp
>
>
> A released memory may be referenced by TAutoEverlapThread in case there
> exists a global instance of TPipeServer or TNamedPipeServer or
> TAutoOverlapThread in compilation module other than
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp
> TPipeServer on listen() instantiates TNamedPipeServer which instantiates
> TAutoOverlapThread. The TAutoOverlapThread calls in it's d-tor a static
> function TOverlappedSubmissionThread::release_instance(). This static
> functions refers to global variable "TCriticalSection
> TOverlappedSubmissionThread::instanceGuard_" defined in
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of globar variable is undefined across compilation modules it
> may happen that if user defined global variable holding reference to
> TPipeServer, the instanceGuard_ can be freed by CRT before call to
> TPipeServer d-tor, which will reference deleted global variable
> instanceGuard_.
> This is because of incorrect implementation of singleton pattern of
> TOverlappedSubmissionThread.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
