Bug #10614


Possible access violation in WApplication::UpdateLock

Added by Steven Köhler almost 2 years ago. Updated over 1 year ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


During testing I encountered an access violation while trying to acquire an WApplication::UpdateLock. I used a thread pool to outsource some expensive calculations to not unnecessarily slow application creation. Since it could happen that the application gets destroyed before all workers are finished, I added an application-pointer to each worker, that gets set to nullptr on application destruction, which I then use to get an UpdateLock to be sure I can safely update the application. The corresponding code looks something like this:

/* do expensive stuff */
WApplication::UpdateLock lock{ /* might-be-null-ptr */ };
if (lock) { /* update application */ }

As it turned out, creating the UpdateLock with a nullptr causes an access violation, since there is no null check for the passed pointer before acessing it. I initially assumed that taking the lock just fails in this situation, since there is no application to lock, and which imho should be the expected behavior. It can easily be worked around by doing a manual null check first, but since this might be forgotten and it shouldn't be that easy to kill the whole server anyways, it would be better to add the null check directly to UpdateLock.

I already implemented the proposed fix and created a pull request for it.

Actions #1

Updated by Steven Köhler almost 2 years ago

Link to the pull request:

Actions #2

Updated by Roel Standaert almost 2 years ago

  • Target version set to 4.9.0
Actions #3

Updated by Roel Standaert over 1 year ago

  • Target version changed from 4.9.0 to 4.10.0
Actions #4

Updated by Roel Standaert over 1 year ago

  • Status changed from New to Closed
  • Target version deleted (4.10.0)

This was already merged in Wt 4.9.0.


Also available in: Atom PDF