Paweł Janicki created THRIFT-3228:
-------------------------------------
Summary: Fix TAutoOverlapThread may reference released memory
Key: THRIFT-3228
URL: https://issues.apache.org/jira/browse/THRIFT-3228
Project: Thrift
Issue Type: Bug
Components: C++ - Library
Affects Versions: 0.9.2
Reporter: Paweł Janicki
Priority: Critical

Released memory may be referenced by TAutoOverlapThread when a global instance
of TPipeServer, TNamedPipeServer or TAutoOverlapThread exists in a
compilation module other than
src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp

TPipeServer on listen() instantiates TNamedPipeServer, which instantiates
TAutoOverlapThread. TAutoOverlapThread calls in its d-tor a static
function, TOverlappedSubmissionThread::release_instance(). This static function
refers to the global variable "TCriticalSection
TOverlappedSubmissionThread::instanceGuard_" defined in
src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.

As the destruction order of global variables is undefined across compilation
modules, it may happen that, if the user defined a global variable holding a
reference to TPipeServer, instanceGuard_ is freed by the CRT before the call to
the TPipeServer d-tor, which will then reference the deleted global variable
instanceGuard_.

This is because of the incorrect implementation of the singleton pattern in
TOverlappedSubmissionThread.
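
One way to remove the destruction-order dependency described above, as an added C++ example that is neither Thrift's code nor the fix applied for THRIFT-3228: the guard is created on first use and never destroyed, so a destructor running late in another compilation module still finds it valid. `SubmissionThread`, `AutoThread`, `g_user_global` and the use of `std::mutex` in place of `TCriticalSection` are assumptions made for illustration.

```cpp
// Added illustration, not Thrift code; all names are hypothetical stand-ins.
#include <mutex>
class SubmissionThread {
public:
    // Stand-in for acquire_instance(): create on first use, count users.
    static SubmissionThread* acquire() {
        std::lock_guard<std::mutex> lock(guard());
        if (refs()++ == 0) instance() = new SubmissionThread();
        return instance();
    }
    // Stand-in for release_instance(): called from destructors, possibly
    // during static destruction of some other compilation module.
    static int release() {
        std::lock_guard<std::mutex> lock(guard());
        if (--refs() == 0) { delete instance(); instance() = nullptr; }
        return refs();
    }
    static int users() {
        std::lock_guard<std::mutex> lock(guard());
        return refs();
    }
private:
    // The guard is allocated on first use and intentionally never deleted,
    // so the runtime has no destructor to run for it at exit and a late
    // call to release() cannot touch a destroyed lock.
    static std::mutex& guard() {
        static std::mutex* m = new std::mutex();
        return *m;
    }
    // Trivially destructible statics: nothing is torn down at exit.
    static int& refs() { static int n = 0; return n; }
    static SubmissionThread*& instance() { static SubmissionThread* p = nullptr; return p; }
};

// Stand-in for TAutoOverlapThread: acquires in the c-tor, releases in the d-tor.
class AutoThread {
public:
    AutoThread() : p_(SubmissionThread::acquire()) {}
    ~AutoThread() { SubmissionThread::release(); }
    AutoThread(const AutoThread&) = delete;
    AutoThread& operator=(const AutoThread&) = delete;
    SubmissionThread* get() const { return p_; }
private:
    SubmissionThread* p_;
};

// A user-defined global like the one in the report; its d-tor runs at exit.
AutoThread g_user_global;
int main() { AutoThread local; return SubmissionThread::users() == 2 ? 0 : 1; }
```

The trade-off is one lock object that stays allocated until process exit, which is the price of making its lifetime independent of static destruction order.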