ThreadPoolTaskExecutor is memory unsafe when task cancellation occurs around the same time an exhaust network response is received

XMLWordPrintableJSON

    • Fully Compatible
    • ALL
    • v5.3, v5.0, v4.4
    • Service Arch 2021-10-04, Service Arch 2021-12-13, Service Arch 2022-1-10, Service Arch 2022-1-24
    • 20
    • 3
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      cbState->callback is modified without holding ThreadPoolTaskExecutor::_mutex in ThreadPoolTaskExecutor::runCallbackExhaust(). This is memory unsafe because cbState->callback is also modified in the exhaust codepath's RemoteCommandOnReplyFn upon task cancellation. This issue has been observed to cause server crashes when shutting down a replica set monitor due to a partially initialized TaskExecutor::CallbackFn callback being invoked.

              Assignee:
              Amirsaman Memaripour
              Reporter:
              Max Hirschhorn
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: