[CDRIVER-2238] Race in mongoc_client_kill_cursor
Created: 08/Aug/17  Updated: 28/Oct/23  Resolved: 23/Aug/17

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: None
Fix Version/s: 1.8.0

Type: Bug Priority: Minor - P4
Reporter: A. Jesse Jiryu Davis Assignee: A. Jesse Jiryu Davis
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

mongoc_client_kill_cursor gets a server description from the topology, then continues to access the server description after it has unlocked the topology. In pooled mode, the server description could be freed by a topology change while mongoc_client_kill_cursor holds a reference to it.
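The pattern described above, as an added C example that is not libmongoc code and not the code from the fix commit. All type and function names (`topology_t`, `server_desc_t`, `select_server_borrowed`, `select_server_id`) are hypothetical stand-ins; it contrasts returning a borrowed pointer that outlives the lock with copying the server id while the lock is still held.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration, not libmongoc's real types. */
typedef struct { uint32_t id; } server_desc_t;

typedef struct {
    pthread_mutex_t mutex;
    server_desc_t  *server;  /* owned by the topology, replaced on change */
} topology_t;

/* A topology change (in pooled mode, from another thread) frees the old
 * description and installs a new one, all under the topology mutex. */
void topology_replace_server(topology_t *t, uint32_t new_id)
{
    pthread_mutex_lock(&t->mutex);
    free(t->server);
    t->server = malloc(sizeof *t->server);
    if (t->server) t->server->id = new_id;
    pthread_mutex_unlock(&t->mutex);
}

/* Racy shape: the returned pointer is only valid while the mutex is held.
 * A caller that reads sd->id after this returns races with
 * topology_replace_server() and may read freed memory. */
server_desc_t *select_server_borrowed(topology_t *t)
{
    pthread_mutex_lock(&t->mutex);
    server_desc_t *sd = t->server;
    pthread_mutex_unlock(&t->mutex);
    return sd;
}

/* Safe shape: copy the field that is needed before unlocking, so the caller
 * never touches topology-owned memory outside the critical section.
 * Returns 1 and fills *id_out on success, 0 if no server is known. */
int select_server_id(topology_t *t, uint32_t *id_out)
{
    int ok = 0;
    pthread_mutex_lock(&t->mutex);
    if (t->server) { *id_out = t->server->id; ok = 1; }
    pthread_mutex_unlock(&t->mutex);
    return ok;
}
```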



 Comments   
Comment by Ramon Fernandez Marina [ 12/Sep/17 ]

Author: A. Jesse Jiryu Davis (username: ajdavis, email: jesse@mongodb.com)

Message: CDRIVER-2238 race in mongoc_client_kill_cursor

Once the topology mutex is unlocked, it isn't safe to use a server
description from the topology: the server description could be freed by
a topology change before mongoc_client_kill_cursor accesses its server
id. I had apparently begun to make this thread-safe a while ago but
didn't finish the job until now.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/40e02859088e4a524b49dc6b86d34a43701b44da

Comment by A. Jesse Jiryu Davis [ 23/Aug/17 ]

Fixed: https://github.com/mongodb/mongo-c-driver/commit/40e02859088e4a524b49dc6b86d34a43701b44da

Generated at Wed Feb 07 21:14:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.