Project

General

Profile

Actions

Bug #10614

closed

Possible access violation in WApplication::UpdateLock

Added by Steven Köhler over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
07/07/2022
Due date:
% Done:

0%

Estimated time:

Description

During testing I encountered an access violation while trying to acquire an WApplication::UpdateLock. I used a thread pool to outsource some expensive calculations to not unnecessarily slow application creation. Since it could happen that the application gets destroyed before all workers are finished, I added an application-pointer to each worker, that gets set to nullptr on application destruction, which I then use to get an UpdateLock to be sure I can safely update the application. The corresponding code looks something like this:

/* do expensive stuff */
WApplication::UpdateLock lock{ /* might-be-null-ptr */ };
if (lock) { /* update application */ }

As it turned out, creating the UpdateLock with a nullptr causes an access violation, since there is no null check for the passed pointer before acessing it. I initially assumed that taking the lock just fails in this situation, since there is no application to lock, and which imho should be the expected behavior. It can easily be worked around by doing a manual null check first, but since this might be forgotten and it shouldn't be that easy to kill the whole server anyways, it would be better to add the null check directly to UpdateLock.

I already implemented the proposed fix and created a pull request for it.

Actions #1

Updated by Steven Köhler over 2 years ago

Link to the pull request: https://github.com/emweb/wt/pull/195

Actions #2

Updated by Roel Standaert over 2 years ago

  • Target version set to 4.9.0
Actions #3

Updated by Roel Standaert about 2 years ago

  • Target version changed from 4.9.0 to 4.10.0
Actions #4

Updated by Roel Standaert almost 2 years ago

  • Status changed from New to Closed
  • Target version deleted (4.10.0)

This was already merged in Wt 4.9.0.

Actions

Also available in: Atom PDF