[SERVER-62188] Shutdown race with use after free in DeadlineFuture

Created: 20/Dec/21  Updated: 29/Oct/23  Resolved: 21/Dec/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.4.12, 5.2.2

Type: Bug
Priority: Major - P3
Reporter: Andrew Shuvalov (Inactive)
Assignee: Andrew Shuvalov (Inactive)
Resolution: Fixed
Votes: 0
Labels: sharding-nyc-subteam2
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested: v5.2, v4.4
Linked BF Score: 170

 Description   

The callback in DeadlineFuture is using the _mutex before checking that the callback itself is canceled.
We do wait properly in the HealthObserver for the thread pool termination; the DeadlineFuture instance is guaranteed to be available if the callback args are checked. Also, it would be nice to check the cancelation token as well.
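
The ordering issue described above, as an added example that is not MongoDB's code: a timer callback that captures raw `this` must inspect its status argument before touching any member, because a canceled callback can run after the owner has been freed. `CbStatus`, `ToyExecutor`, `ToyDeadline` and `runScenario` are hypothetical names, and the executor's behavior of running queued callbacks with a canceled status on shutdown is an assumption of this model.

```cpp
#include <functional>
#include <memory>
#include <mutex>
#include <utility>
#include <vector>

enum class CbStatus { Ok, Canceled };  // hypothetical callback argument

// Toy executor (assumption): callbacks run with Ok on timeout, Canceled on shutdown.
class ToyExecutor {
public:
    void schedule(std::function<void(CbStatus)> cb) { _pending.push_back(std::move(cb)); }
    void run(CbStatus s) {
        auto cbs = std::move(_pending);  // move construction leaves _pending empty
        for (auto& cb : cbs) cb(s);
    }
private:
    std::vector<std::function<void(CbStatus)>> _pending;
};

// Hypothetical timer owner; its callback captures raw `this`.
class ToyDeadline {
public:
    ToyDeadline(ToyExecutor& ex, int* timeouts) : _timeouts(timeouts) {
        ex.schedule([this](CbStatus s) {
            // Check the argument first: on Canceled the owner may already be
            // destroyed, so no member (not even _mutex) may be touched.
            if (s == CbStatus::Canceled) return;
            std::lock_guard<std::mutex> lk(_mutex);
            ++*_timeouts;
        });
    }
private:
    std::mutex _mutex;
    int* _timeouts;
};

// Returns how many timeouts were recorded in the chosen scenario.
int runScenario(bool destroyBeforeShutdown) {
    ToyExecutor ex;
    int timeouts = 0;
    auto d = std::make_unique<ToyDeadline>(ex, &timeouts);
    if (destroyBeforeShutdown) {
        d.reset();                   // owner freed, callback still queued
        ex.run(CbStatus::Canceled);  // must return before using `this`
    } else {
        ex.run(CbStatus::Ok);        // owner alive, deadline fires
    }
    return timeouts;
}
```

Swapping the status check and the `lock_guard` line reproduces the reported ordering: the canceled callback would lock a mutex inside freed memory, which AddressSanitizer reports as a heap-use-after-free.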



 Comments   
Comment by Githook User [ 15/Feb/22 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-62188 fix memory corruption in the DeadlineFuture

(cherry picked from commit 58d452b07f5f09781a5e3d8ed4e1644c510a3815)
Branch: v5.2
https://github.com/mongodb/mongo/commit/e3ef25e329abb47731a078081bbe91a50389d336

Comment by Githook User [ 29/Dec/21 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-62188 fix memory corruption in the DeadlineFuture

(cherry picked from commit 58d452b07f5f09781a5e3d8ed4e1644c510a3815)
Branch: v4.4
https://github.com/mongodb/mongo/commit/1b354812d9f2a22b1c6286c26cc4ce953fbd7a1c

Comment by Githook User [ 20/Dec/21 ]

Author:

{'name': 'Andrew Shuvalov', 'email': 'andrew.shuvalov@mongodb.com', 'username': 'shuvalov-mdb'}

Message: SERVER-62188 fix memory corruption in the DeadlineFuture
Branch: master
https://github.com/mongodb/mongo/commit/58d452b07f5f09781a5e3d8ed4e1644c510a3815
