Null-deref of service_ during strand teardown (race) #348

Description

@mvandeberg

Summary

A race during strand teardown can null-dereference service_: enqueue() commits to post_invoker() while shutdown() nulls out service_.

Detail

Race in strand_service.cpp:173: enqueue() returns true (committed to post_invoker()) while shutdown() stores nullptr into service_; the invoker's operator new then dereferences the now-null service_. Nothing serializes the two paths.

Suggested acceptance criteria

  • The enqueue()/shutdown() paths are serialized (or otherwise made race-free).
  • No null-deref of service_ during strand teardown.

References

strand_service.cpp:173.
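
One way to meet the first acceptance criterion, shown as an added example that is not the project's code. `Service`, `Strand`, `post()` and `stress()` are hypothetical stand-ins, and it assumes a single mutex is acceptable on this path.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical stand-in for the strand service (assumption, not project code).
struct Service {
    std::atomic<int> frames{0};
    // Stands in for the allocation the invoker's operator new performs.
    void allocate_frame() { frames.fetch_add(1); }
};

class Strand {
    std::mutex m_;
    Service* service_;  // guarded by m_
public:
    explicit Strand(Service* s) : service_(s) {}

    // The commit decision and the use of service_ form one critical section,
    // so shutdown() cannot store nullptr between them.
    bool post() {
        std::lock_guard<std::mutex> lk(m_);
        if (!service_) return false;  // torn down: reject instead of dereferencing
        service_->allocate_frame();
        return true;
    }

    void shutdown() {
        std::lock_guard<std::mutex> lk(m_);
        service_ = nullptr;
    }
};

// Runs posters against a concurrent shutdown. True when every attempt was either
// posted through a live service or cleanly rejected, and later posts are refused.
bool stress(int threads, int per_thread) {
    Service svc;
    Strand strand(&svc);
    std::atomic<int> accepted{0}, rejected{0};
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&] {
            for (int i = 0; i < per_thread; ++i)
                (strand.post() ? accepted : rejected).fetch_add(1);
        });
    strand.shutdown();
    for (auto& th : pool) th.join();
    return accepted.load() + rejected.load() == threads * per_thread
        && svc.frames.load() == accepted.load() && !strand.post();
}
```

Running `stress()` under ThreadSanitizer (`-fsanitize=thread`) is a quick way to confirm that no unsynchronized access to `service_` remains.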

Projects

Status
In progress