Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10372

ReplicaSetMonitor creates a thread that references memory it does not own

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Duplicate
    • 2.2.4, 2.4.5
    • None
    • Internal Client
    • None
    • Windows, Linux confirmed
    • Fully Compatible
    • ALL
    • Hide

      The simplest approach is to call mongo::ReplicaSetMonitor::remove() to destroy the referenced memory in a running process. The new thread will reference the freed memory within 10 seconds.

      Using Microsoft's ODBCtest, start and end a connection to a replica set. When the last connection to that driver .dll is closed, the program will drop the .dll and crash the next time the new thread wakes up.

      Show
      The simplest approach is to call mongo::ReplicaSetMonitor::remove() to destroy the referenced memory in a running process. The new thread will reference the freed memory within 10 seconds. Using Microsoft's ODBCtest, start and end a connection to a replica set. When the last connection to that driver .dll is closed, the program will drop the .dll and crash the next time the new thread wakes up.

    Description

      The ReplicaSetMonitor constructor creates a new thread that references memory belonging to the constructor thread. If the constructor thread exits or frees the ReplicaSetMonitor, the new thread references freed memory.

      This is likely related to SERVER-8707. The problem was previously obscured by SERVER-8891.

      We need this fixed in 2.4. The 2.4.5 C++ API is working well with older Mongo servers so we don't need this backported into 2.2.

      Attachments

        Issue Links

          Activity

            People

              tad Tad Marshall
              gerry f Gerry F
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: