[SERVER-69584] Pass ConnectionMetrics by shared_ptr Created: 12/Sep/22 Updated: 29/Oct/23 Resolved: 19/Sep/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.1.0-rc3, 6.2.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Vojislav Stojkovic | Assignee: | Vojislav Stojkovic |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Operating System: | ALL | ||||||||||||
| Backport Requested: |
v6.1
|
||||||||||||
| Steps To Reproduce: | Reproduced by BF-26305. Can be reliably reproduced if an artificial delay is introduced inside the DNS resolution callback before the ConnectionMetrics is accessed. |
||||||||||||
| Sprint: | Service Arch 2022-09-19, Service Arch 2022-10-03 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 148 | ||||||||||||
| Description |
|
Passing the ConnectionMetrics by raw pointer into TransportLayerASIO::asyncConnect can cause a use-after-free situation when the TLConnection that owns the ConnectionMetrics is freed before the DNS resolution callback is called. The solution is to pass ConnectionMetrics by shared pointer. Since TLConnection is already managed by a shared pointer, we can pass its ConnectionMetrics as a shared pointer using the aliasing constructor. |
| Comments |
| Comment by Andrew Shuvalov (Inactive) [ 02/Nov/22 ] |
|
The problem was detected independently and confirmed to be DNS. |
| Comment by Githook User [ 19/Sep/22 ] |
|
Author: {'name': 'Vojislav Stojkovic', 'email': 'vojislav.stojkovic@mongodb.com', 'username': 'vstojkovic-mongodb'}Message: (cherry picked from commit f81093713522be99a93571f0f3e5f0e16c4db600) |
| Comment by Githook User [ 16/Sep/22 ] |
|
Author: {'name': 'Vojislav Stojkovic', 'email': 'vojislav.stojkovic@mongodb.com', 'username': 'vstojkovic-mongodb'}Message: |