Paweł Janicki created THRIFT-3228:
-------------------------------------

             Summary: Fix TAutoOverlapThread may reference released memory
                 Key: THRIFT-3228
                 URL: https://issues.apache.org/jira/browse/THRIFT-3228
             Project: Thrift
          Issue Type: Bug
          Components: C++ - Library
    Affects Versions: 0.9.2
            Reporter: Paweł Janicki
            Priority: Critical

Released memory may be referenced by TAutoOverlapThread in case there exists a global instance of TPipeServer or TNamedPipeServer or TAutoOverlapThread in a compilation module other than src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.

TPipeServer on listen() instantiates TNamedPipeServer, which instantiates TAutoOverlapThread. The TAutoOverlapThread calls in its d-tor a static function TOverlappedSubmissionThread::release_instance(). This static function refers to the global variable "TCriticalSection TOverlappedSubmissionThread::instanceGuard_" defined in src\lib\cpp\src\thrift\windows\OverlappedSubmissionThread.cpp.

As the d-tion of global variables is undefined across compilation modules, it may happen that, if the user defined a global variable holding a reference to TPipeServer, the instanceGuard_ can be freed by the CRT before the call to the TPipeServer d-tor, which will reference the deleted global variable instanceGuard_.

This is because of an incorrect implementation of the singleton pattern in TOverlappedSubmissionThread.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
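
The hazard in the report goes away when the singleton's guard has no destructor for the runtime to run before a late `release_instance()` call. The following is an added example, not code from Thrift or from the reporter: `SubmissionThread`, `AutoThread` and `g_user_global` are hypothetical stand-ins, `std::mutex` replaces `TCriticalSection`, and the leaked function-local guard is one common remedy, not necessarily the fix the project adopted.

```cpp
#include <mutex>

// Hypothetical stand-in for TOverlappedSubmissionThread (names are illustrative).
class SubmissionThread {
public:
  static SubmissionThread* acquire_instance() {
    std::lock_guard<std::mutex> lock(guard());
    if (refs()++ == 0) instance() = new SubmissionThread();
    return instance();
  }
  static void release_instance() {
    std::lock_guard<std::mutex> lock(guard());
    if (refs() > 0 && --refs() == 0) {
      delete instance();
      instance() = nullptr;
    }
  }
  static int ref_count() {
    std::lock_guard<std::mutex> lock(guard());
    return refs();
  }
private:
  // Built on first use and intentionally never freed: no destructor is
  // registered at exit, so the guard outlives globals in every other module.
  static std::mutex& guard() { static std::mutex* g = new std::mutex; return *g; }
  // Trivially destructible statics stay valid throughout static destruction.
  static int& refs() { static int r = 0; return r; }
  static SubmissionThread*& instance() { static SubmissionThread* p = nullptr; return p; }
};

// RAII holder playing the role of TAutoOverlapThread: releases in its d-tor.
class AutoThread {
public:
  AutoThread() : p_(SubmissionThread::acquire_instance()) {}
  ~AutoThread() { SubmissionThread::release_instance(); }
  AutoThread(const AutoThread&) = delete;
  AutoThread& operator=(const AutoThread&) = delete;
  SubmissionThread* get() const { return p_; }
private:
  SubmissionThread* p_;
};

// The user-defined global from the report: its d-tor runs during static
// destruction, at an unspecified point relative to globals in other modules.
static AutoThread g_user_global;

int main() {
  { AutoThread scoped; if (SubmissionThread::ref_count() != 2) return 1; }
  return SubmissionThread::ref_count() == 1 ? 0 : 1;
}
```
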