Bug #10614
closedPossible access violation in WApplication::UpdateLock
0%
Description
During testing I encountered an access violation while trying to acquire an WApplication::UpdateLock
. I used a thread pool to outsource some expensive calculations to not unnecessarily slow application creation. Since it could happen that the application gets destroyed before all workers are finished, I added an application-pointer to each worker, that gets set to nullptr
on application destruction, which I then use to get an UpdateLock
to be sure I can safely update the application. The corresponding code looks something like this:
/* do expensive stuff */
WApplication::UpdateLock lock{ /* might-be-null-ptr */ };
if (lock) { /* update application */ }
As it turned out, creating the UpdateLock
with a nullptr
causes an access violation, since there is no null check for the passed pointer before acessing it. I initially assumed that taking the lock just fails in this situation, since there is no application to lock, and which imho should be the expected behavior. It can easily be worked around by doing a manual null check first, but since this might be forgotten and it shouldn't be that easy to kill the whole server anyways, it would be better to add the null check directly to UpdateLock
.
I already implemented the proposed fix and created a pull request for it.
Updated by Steven Köhler over 2 years ago
Link to the pull request: https://github.com/emweb/wt/pull/195
Updated by Roel Standaert about 2 years ago
- Target version changed from 4.9.0 to 4.10.0
Updated by Roel Standaert almost 2 years ago
- Status changed from New to Closed
- Target version deleted (
4.10.0)
This was already merged in Wt 4.9.0.