Project

General

Profile

Bug #10614

Possible access violation in WApplication::UpdateLock

Added by Steven Köhler about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
Start date:
07/07/2022
Due date:
% Done:

0%

Estimated time:

Description

During testing I encountered an access violation while trying to acquire an WApplication::UpdateLock. I used a thread pool to outsource some expensive calculations to not unnecessarily slow application creation. Since it could happen that the application gets destroyed before all workers are finished, I added an application-pointer to each worker, that gets set to nullptr on application destruction, which I then use to get an UpdateLock to be sure I can safely update the application. The corresponding code looks something like this:

/* do expensive stuff */
WApplication::UpdateLock lock{ /* might-be-null-ptr */ };
if (lock) { /* update application */ }

As it turned out, creating the UpdateLock with a nullptr causes an access violation, since there is no null check for the passed pointer before acessing it. I initially assumed that taking the lock just fails in this situation, since there is no application to lock, and which imho should be the expected behavior. It can easily be worked around by doing a manual null check first, but since this might be forgotten and it shouldn't be that easy to kill the whole server anyways, it would be better to add the null check directly to UpdateLock.

I already implemented the proposed fix and created a pull request for it.

#1

Updated by Steven Köhler about 1 month ago

Link to the pull request: https://github.com/emweb/wt/pull/195

#2

Updated by Roel Standaert about 1 month ago

  • Target version set to 4.9.0

Also available in: Atom PDF