Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31262

Storage of _rbidCommandHandle can race with destruction of SyncSourceResolver

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.11, 3.5.13
    • Component/s: Replication
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v3.4, v3.2
    • Sprint:
      Repl 2017-10-02, Repl 2017-10-23
    • Linked BF Score:
      0

      Description

      SyncSourceResolver::join waits for the Resolver's _state member to transition to kComplete. This transition is performed by the final '_finishCallback()' step, performed by the last callback scheduled by SyncSourceResolver. One of callback in the chain, _rbidRequestCallback, schedules a callback, takes a mutex on the SyncSourceResolver, and saves the handle into a member. However, nothing prevents the scheduled callback from executing, calling _finishCallback(), and allowing SyncSourceResolver's deconstructor to finish. If the handle is saved after the destructor calls, its own destructor will never be called, which prevents its shared_ptr's reference count from decrementing, causing a leak.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: