  1. Core Server
  2. SERVER-10372

ReplicaSetMonitor creates a thread that references memory it does not own

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: 2.2.4, 2.4.5
    • Component/s: Internal Client
    • Environment: Windows, Linux confirmed
    • Fully Compatible
    • ALL

      The simplest approach is to call mongo::ReplicaSetMonitor::remove() to destroy the referenced memory in a running process. The new thread will reference the freed memory within 10 seconds.

      Using Microsoft's ODBCtest, start and end a connection to a replica set. When the last connection to that driver .dll is closed, the program will drop the .dll and crash the next time the new thread wakes up.


      The ReplicaSetMonitor constructor creates a new thread that references memory belonging to the constructor thread. If the constructor thread exits or frees the ReplicaSetMonitor, the new thread references freed memory.

      This is likely related to SERVER-8707. The problem was previously obscured by SERVER-8891.

      We need this fixed in 2.4. The 2.4.5 C++ API is working well with older Mongo servers so we don't need this backported into 2.2.

            Assignee: Tad Marshall
            Reporter: Gerry F
            Votes: 0
            Watchers: 6

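The lifetime problem described in this report, shown as an added example that is not the driver's code and not the fix that was applied: a monitor whose background thread shares ownership of the state it reads, and whose destructor stops and joins that thread before any memory is released. The names SafeMonitor, live_workers and churn and the 5 ms poll interval are assumptions made for the illustration.

```cpp
#include <atomic>
#include <chrono>
#include <condition_variable>
#include <memory>
#include <mutex>
#include <thread>

std::atomic<int> live_workers{0};  // background threads currently running

// Hypothetical monitor, not the driver's ReplicaSetMonitor.
class SafeMonitor {
    struct State {                 // everything the background thread touches
        std::mutex m;
        std::condition_variable cv;
        bool stop = false;
        int checks = 0;
    };
    std::shared_ptr<State> state_ = std::make_shared<State>();
    std::thread worker_;

    static void run(std::shared_ptr<State> s) {   // holds its own reference
        std::unique_lock<std::mutex> lk(s->m);
        while (!s->stop) {
            ++s->checks;                           // the periodic "check"
            s->cv.wait_for(lk, std::chrono::milliseconds(5));
        }
        --live_workers;
    }

public:
    // Hazardous form: std::thread([this]{ ... }).detach() leaves a thread that
    // wakes later and dereferences `this` after the object has been freed.
    SafeMonitor() { ++live_workers; worker_ = std::thread(&SafeMonitor::run, state_); }

    ~SafeMonitor() {
        { std::lock_guard<std::mutex> lk(state_->m); state_->stop = true; }
        state_->cv.notify_all();   // wake the thread now, not at the next poll
        worker_.join();            // thread has exited before memory is freed
    }
    SafeMonitor(const SafeMonitor&) = delete;
    SafeMonitor& operator=(const SafeMonitor&) = delete;
};

// Create and destroy a monitor n times; returns workers still running (0).
int churn(int n) {
    for (int i = 0; i < n; ++i) { SafeMonitor m; }
    return live_workers.load();
}

int main() { return churn(100); }
```

Building this with -fsanitize=address or -fsanitize=thread and swapping in the detached form from the comment is a quick way to see the use-after-free reported by the tooling rather than as a delayed crash.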