  1. WiredTiger
  2. WT-2788

Java: freed memory overwrite during handle close can cause JNI crash

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.2.8
    • Fix Version/s: WT2.9.0, 3.2.10, 3.3.14
    • Labels:
      None

      Description

      Originally filed as a pull request https://github.com/wiredtiger/wiredtiger/pull/2904 by github user jindongh:

      The updated ex_thread test may crash without this fix, because the JNI wrapper tried to free session->lang_private after it returned the session with connection.close().

      After Java thread A opens the session, it will allocate memory and assign it to session->lang_private. When Java thread A closes the session, it will call connection.close(session) first, and then try to free session->lang_private. The problem is: after thread A calls connection.close() and before it frees lang_private, another thread B may reuse this session and close it; then thread A will find lang_private is set to NULL by thread B and it crashes.

      So we need to free lang_private before we call connection.close in the JNI wrapper.
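
      The ordering problem described above, as an added single-threaded C model (not WiredTiger's or the pull request's code). The `session` struct, the one-slot pool and all function names are hypothetical, and thread B's interleaving is replayed deterministically instead of with real threads.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model of a pooled session; not WiredTiger's real struct. */
struct session {
    int in_use;          /* slot currently owned by a caller */
    void *lang_private;  /* per-session data owned by the language wrapper */
};
static struct session slot;  /* one-slot pool, so reuse is guaranteed */
static struct session *pool_open(void) {
    void *p;
    if (slot.in_use || (p = malloc(16)) == NULL) return NULL;
    slot.in_use = 1;
    slot.lang_private = p;
    return &slot;
}
/* Hands the slot back: from here on another thread may own it. */
static void pool_release(struct session *s) { s->in_use = 0; }
static void free_private(struct session *s) {
    free(s->lang_private);
    s->lang_private = NULL;
}
/* Thread B's complete open/close cycle, run where thread A is preempted. */
static void thread_b_cycle(void) {
    struct session *s = pool_open();  /* NULL while A still owns the slot */
    if (s != NULL) { free_private(s); pool_release(s); }
}
/* Returns 1 if A still finds its own lang_private at free time, 0 if not. */
static int run_close(int free_first) {
    struct session *s = pool_open();
    void *mine; int intact;
    if (s == NULL) return -1;
    mine = s->lang_private;
    if (free_first) {            /* fixed order: free, then release */
        thread_b_cycle();        /* B cannot take the slot yet */
        intact = (s->lang_private == mine);
        free_private(s);
        pool_release(s);
    } else {                     /* buggy order: release, then free */
        pool_release(s);
        thread_b_cycle();        /* B reuses the slot and closes it */
        intact = (s->lang_private == mine);  /* B left NULL behind */
        free(mine);              /* model cleanup only */
    }
    return intact;
}
int main(void) {
    printf("buggy=%d fixed=%d\n", run_close(0), run_close(1));
    return 0;
}
```

      In the release-then-free order the pointer thread A reads back is no longer the one it allocated, which is the state the report says leads to the crash; freeing before release keeps the slot exclusively owned for the whole teardown.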

            People

            • Assignee:
              donald.anderson Donald Anderson
              Reporter:
              donald.anderson Donald Anderson