ThreadPoolTaskExecutor is memory unsafe when task cancellation occurs around the same time an exhaust network response is received

XMLWordPrintableJSON

    • Fully Compatible
    • ALL
    • v5.3, v5.0, v4.4
    • Service Arch 2021-10-04, Service Arch 2021-12-13, Service Arch 2022-1-10, Service Arch 2022-1-24
    • 20
    • 3
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      cbState->callback is modified without holding ThreadPoolTaskExecutor::_mutex in ThreadPoolTaskExecutor::runCallbackExhaust(). This is memory unsafe because cbState->callback is also modified in the exhaust codepath's RemoteCommandOnReplyFn upon task cancellation. This issue has been observed to cause server crashes when shutting down a replica set monitor due to a partially initialized TaskExecutor::CallbackFn callback being invoked.

            Assignee:
            Amirsaman Memaripour
            Reporter:
            Max Hirschhorn
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: