Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.2.6, 4.4.0-rc0, 4.7.0
Affects Version/s: None
Component/s: Internal Code
Labels:
- servicearch-wfbf-day

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.4, v4.2
Sprint:
Service arch 2020-04-20
Linked BF Score:
23

The replica set change notifier makes a copy of _listeners under a lock, but then invokes onConfirmedSet on those listeners outside the lock. During shutdown, those pointers can be dead, which can cause us to use after free and crash.

See replica_set_change_notifier.cpp#L116-L120

    auto listeners = _listeners;
    lk.unlock();

    for (auto listener : listeners) {
        listener->onConfirmedSet(state);
    };

Assignee:: Janna Golden

Reporter:: Mira Carey

Participants:: Githook User, Janna Golden, Mira Carey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Jul 26 2019 06:59:30 PM UTC

Updated:: Oct 29 2023 10:18:41 PM UTC

Resolved:: Apr 07 2020 09:48:31 PM UTC

Details

Description

Attachments

Activity

People

Dates