Fix a data race that could manifest as null pointer dereference in FutureBase::Release() #747
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dconeybe
added
the
tests-requested: quick
github-actions
bot
added
tests: in-progress
❌ Integration test FAILEDRequested by @dconeybe on commit a219a97
Add flaky tests to go/fpl-cpp-flake-tracker |
firebase-workflow-trigger
bot
removed
the
tests: in-progress
… api_ was always assigned to null
…plicated in the call to the copy/move operators
dconeybe
added
the
tests-requested: quick
github-actions
bot
added
tests: in-progress
…e private headers
dconeybe
added
the
tests-requested: quick
github-actions
bot
removed
tests-requested: quick
jonsimantov
reviewed
Nov 15, 2021
| @@ -20,6 +20,7 @@ | |||
| #include <stddef.h> | |||
| #include <stdint.h> | |||
|
|
|||
| #include <mutex> | |||
There was a problem hiding this comment.
Can you use firebase::Mutex and firebase::MutexLock instead?
jonsimantov
reviewed
Nov 15, 2021
release_build_files/readme.md
Outdated
| @@ -569,6 +569,9 @@ code. | |||
| ## Release Notes | |||
| ### Next Release | |||
| - Changes | |||
| - All Products (Android): Fixed a data race that could manifest as null | |||
There was a problem hiding this comment.
Can you change this to "General (Android):"?
jonsimantov
previously approved these changes
Nov 15, 2021
github-actions
bot
dismissed
jonsimantov’s stale review
🍞 Dismissed stale approval on external PR.
![github-actions[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| @@ -20,6 +20,7 @@ | |||
| #include <stddef.h> | |||
| #include <stdint.h> | |||
|
|
|||
| #include <mutex> | |||
There was a problem hiding this comment.
<mutex> is an unapproved C++11 header.
| } | ||
| detail::RegisterForCleanup(api_, this); | ||
| } | ||
|
|
||
| return *this; | ||
| } | ||
|
|
||
| #if defined(FIREBASE_USE_MOVE_OPERATORS) | ||
| inline FutureBase::FutureBase(FutureBase&& rhs) noexcept | ||
| : api_(NULL) // NOLINT | ||
| { |
There was a problem hiding this comment.
{ should almost always be at the end of the previous line
There was a problem hiding this comment.
Oh, could you fix the lint warning actually?
There was a problem hiding this comment.
Oh wait just noticed it's not in your code - never mind.
firebase-workflow-trigger
bot
removed
the
tests: in-progress
dconeybe
added
the
tests-requested: quick
github-actions
bot
added
tests: in-progress
firebase-workflow-trigger
bot
removed
the
tests: in-progress
jonsimantov
reviewed
Nov 16, 2021
| @@ -569,6 +569,9 @@ code. | |||
| ## Release Notes | |||
| ### Next Release | |||
| - Changes | |||
| - General (Android): Fixed a data race that could manifest as null pointer | |||
There was a problem hiding this comment.
One last note (it can wait for the followup) - this isn't Android only, right? We can remove the "(Android)" tag.
There was a problem hiding this comment.
Ahh right. I've opened #749 to fix the release notes entry.
jonsimantov
approved these changes
Nov 16, 2021
github-actions
bot
added
tests: in-progress
dconeybe
added a commit
that referenced
this pull request
Nov 16, 2021
I had originally thought that the issue was specific to Android, because the bug only surfaced on Android; however, it indeed affects all platforms.
firebase-workflow-trigger
bot
removed
the
tests: in-progress
dconeybe
added a commit
that referenced
this pull request
Nov 22, 2021
DellaBitta
added a commit
that referenced
this pull request
Dec 1, 2021
* Fix test on emulator workflow failures (#734) * If simulator install ios app failed, reset simulator and try again (#733) * Trigger workflow move github api cod to github.py (#746) * Fix a data race that could manifest as null pointer dereference in FutureBase::Release() (#747) * Cancel callbacks for messaging (#745) * Cancel callbacks for messaging util::Terminate is referenced counted som when there ar more APIs than messaging active the callbacks will not be canceled until later and still cause a NULL ref due to the FutureData being destroyed now. * Cancel callback earlier * Update readme * Remove "Android" tag from the release notes entry for #747 (#749) * Remove calls to LogInfo, LogError, LogDebug during obj-c +load. (#706) * Remove calls to LogInfo, LogError, LogDebug during obj-c +load. This could be causing an issue in C++ as global class constructors have not yet been run. * Add Objective-C/C++ and Java to code formatter script; format those files. (#755) * Allow format_code to format .m/.mm files; clang-format already knows how. * Run format_code.py on all objective-c/objective-c++ files. * Add Java file extensions to format_code.py * Format all Java source files. * Remove check for objc header, as they are now supported. * Format objective-c .h files. * Don't let lint comment on line length any more; code formatting will report that. * Messaging crash during initialization (#760) * Messaging crash during initialization * Update readme * Don't redeclare inherited state in CredentialsProviderDesktop (#731) * Reduce disk space usage when packaging the built SDK (#763) Remove intermediate build files during desktop packaging step. This should reduce the disk space usage, as those files (*.o and *.obj) are not required when merging libraries. * Workaround for Linux x86 build: downgrade libraries on GitHub runners (#764) When installing 32-bit Linux dependencies on GitHub runners, downgrade libpcre2-8-0 to an earlier version to ensure compatibility with the i386 version of the package. This is something that should be fixed in a subsequent Ubuntu release and so is a temporary workaround. This also adds checks to the various prerequisite commands run by build_desktop.py, which was previously just silently ignoring errors (making this much harder to track down). Now it will error out as soon as a command fails. Co-authored-by: Mou Sun <69009538+sunmou99@users.noreply.github.com> Co-authored-by: Denver Coneybeare <dconeybe@google.com> Co-authored-by: Tobias Barendt <tobias@robotsquid.com> Co-authored-by: Jon Simantov <jsimantov@google.com> Co-authored-by: Sebastian Schmidt <mrschmidt@google.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
FutureBaseclass has two data members that can be accessed concurrently from multiple threads without any synchronization:api_andhandle_. This data race was detected by the thread sanitizer.Although there are no known customer reports of crashes resulting from this data race, a recent continuous integration run crashed in Firestore with a null pointer dereference in the following stack trace:
The test in question is
FirestoreCanBeDeletedFromTransaction:firebase-cpp-sdk/firestore/integration_test_internal/src/firestore_test.cc
Lines 1528 to 1544 in 9efb188
This test deletes the
Firestoreinstance from an auxiliary thread, which would cause all of theFutureobjects it owns to be "released" from that alternate thread. Therefore, in rare conditions, this would race with the deletion of theFutureobject from the test thread, and yield the null pointer dereference.This PR fixes the data race by protecting those two members with a mutex.
Googlers can see b/183225305 and b/205966141 for more details.