[CDRIVER-2238] Race in mongoc_client_kill_cursor Created: 08/Aug/17 Updated: 28/Oct/23 Resolved: 23/Aug/17 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc |
| Affects Version/s: | None |
| Fix Version/s: | 1.8.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
mongoc_client_kill_cursor gets a server description from the topology, then continues to access the server description after it has unlocked the topology. In pooled mode, the server description could be freed by a topology change while mongoc_client_kill_cursor holds a reference to it. |
| Comments |
| Comment by Ramon Fernandez Marina [ 12/Sep/17 ] |
|
Author: {'username': u'ajdavis', 'name': u'A. Jesse Jiryu Davis', 'email': u'jesse@mongodb.com'}Message: Once the topology mutex is unlocked, it isn't safe to use a server |
| Comment by A. Jesse Jiryu Davis [ 23/Aug/17 ] |
|
Fixed: https://github.com/mongodb/mongo-c-driver/commit/40e02859088e4a524b49dc6b86d34a43701b44da |