Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31262

Storage of _rbidCommandHandle can race with destruction of SyncSourceResolver

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.4.11, 3.5.13
    • Replication
    • None
    • Fully Compatible
    • ALL
    • v3.4, v3.2
    • Repl 2017-10-02, Repl 2017-10-23
    • 0

    Description

      SyncSourceResolver::join waits for the Resolver's _state member to transition to kComplete. This transition is performed by the final '_finishCallback()' step, performed by the last callback scheduled by SyncSourceResolver. One of callback in the chain, _rbidRequestCallback, schedules a callback, takes a mutex on the SyncSourceResolver, and saves the handle into a member. However, nothing prevents the scheduled callback from executing, calling _finishCallback(), and allowing SyncSourceResolver's deconstructor to finish. If the handle is saved after the destructor calls, its own destructor will never be called, which prevents its shared_ptr's reference count from decrementing, causing a leak.

      Attachments

        Issue Links

          Activity

            People

              siyuan.zhou@mongodb.com Siyuan Zhou
              spencer.jackson@mongodb.com Spencer Jackson
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: