[ https://issues.apache.org/jira/browse/THRIFT-3228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15330593#comment-15330593 ]
James E. King, III commented on THRIFT-3228:
--------------------------------------------

Does the priority of critical still make sense for this particular defect with respect to other defects labeled as such? Would it be possible to submit a pull request in GitHub for the fix?

> Fix TAutoOverlapThread may reference released memory
> ----------------------------------------------------
>
>                 Key: THRIFT-3228
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.2
>            Reporter: Paweł Janicki
>            Priority: Critical
>         Attachments: 0001-THRIFT-3228.-cpp-Fix-TAutoOverlapThread-may-referenc.patch, ConsoleApplication1.cpp
>
>
> Released memory may be referenced by TAutoOverlapThread in case there
> exists a global instance of TPipeServer or TNamedPipeServer or
> TAutoOverlapThread in a compilation module other than
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp
> TPipeServer on listen() instantiates TNamedPipeServer, which instantiates
> TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static
> function TOverlappedSubmissionThread::release_instance(). This static
> function refers to the global variable "TCriticalSection
> TOverlappedSubmissionThread::instanceGuard_" defined in
> src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.
> As the d-tion of global variables is undefined across compilation modules, it
> may happen that if the user defined a global variable holding a reference to
> TPipeServer, the instanceGuard_ can be freed by the CRT before the call to the
> TPipeServer d-tor, which will reference the deleted global variable
> instanceGuard_.
> This is because of an incorrect implementation of the singleton pattern of
> TOverlappedSubmissionThread.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
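
The destruction-order problem described in the quoted issue can be avoided by making the guard a construct-on-first-use object that is never destroyed. The sketch below is an added example, not the attached patch and not Thrift's code; `SubmissionThread`, `AutoThread` and `guard()` are hypothetical stand-ins for `TOverlappedSubmissionThread`, `TAutoOverlapThread` and `instanceGuard_`, and `std::mutex` is assumed in place of `TCriticalSection`.

```cpp
#include <cstdio>
#include <mutex>
// Hypothetical stand-in for TOverlappedSubmissionThread (not Thrift's code).
class SubmissionThread {
public:
    static SubmissionThread* acquire_instance() {
        std::lock_guard<std::mutex> lock(guard());
        if (instance_ == nullptr) instance_ = new SubmissionThread();
        ++ref_count_;
        return instance_;
    }
    static void release_instance() {
        std::lock_guard<std::mutex> lock(guard());
        if (ref_count_ > 0 && --ref_count_ == 0) {
            delete instance_;
            instance_ = nullptr;
        }
    }
    static int ref_count() {
        std::lock_guard<std::mutex> lock(guard());
        return ref_count_;
    }
private:
    // Stand-in for instanceGuard_. Constructed on first use and deliberately
    // never destroyed, so it is still valid when a static destructor in
    // another translation unit calls release_instance() during exit.
    static std::mutex& guard() {
        static std::mutex* g = new std::mutex();
        return *g;
    }
    // Constant-initialized, trivially destructible: safe during static teardown.
    static SubmissionThread* instance_;
    static int ref_count_;
};
SubmissionThread* SubmissionThread::instance_ = nullptr;
int SubmissionThread::ref_count_ = 0;

// Hypothetical stand-in for TAutoOverlapThread: releases in its destructor.
struct AutoThread {
    AutoThread() { SubmissionThread::acquire_instance(); }
    ~AutoThread() { SubmissionThread::release_instance(); }
    AutoThread(const AutoThread&) = delete;
};

// User-defined global as in the report; its destructor runs at process exit.
static AutoThread g_user_global;
int main() {
    std::printf("references held: %d\n", SubmissionThread::ref_count());
}
```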