| commit | 4774735cd4ec8de13502bde2a975e38cee6cd865 | |
| author | Rick Lavoie <rlavoie@fb.com> | |
| Thu, 25 Feb 2021 00:10:59 +0000 (24 16:10 -0800) | ||
| committer | Facebook GitHub Bot <facebook-github-bot@users.noreply.github.com> | |
| Fri, 26 Feb 2021 00:31:43 +0000 (25 16:31 -0800) | ||
| tree | 62179383b9436695e5a8bb65946d06c87d525aa7 | treesnapshot (tar.gz zip) |
| parent | e1f3e3fb06da17e2cad307930ff9428f9c3ca09c | commitdiff |
Fix race condition in APCFileStorage
Summary:
APCFileStorage can have two threads. One in
APCFileStorage::put(), and another in
APCFileStorage::addFile(). addFile() can push a value into m_chunks,
which can trigger a resize. While that resizing is happening, put()
can read from the vector, and read garbage. In particular, in debug
builds, it will read a trash fill value. It uses this value to
construct a pointer, and storing to that garbage value will trigger a
segfault.
It's not safe to push back on a std::vector concurrently like
this. Switch to using tbb::concurrent_vector instead. I don't know why
this hasn't been a problem until now.
Reviewed By: colavitam
Differential Revision: D26643350
fbshipit-source-id: f333e001959129ae0a090fbeaac1f2e2897a2602
Summary:
APCFileStorage can have two threads. One in
APCFileStorage::put(), and another in
APCFileStorage::addFile(). addFile() can push a value into m_chunks,
which can trigger a resize. While that resizing is happening, put()
can read from the vector, and read garbage. In particular, in debug
builds, it will read a trash fill value. It uses this value to
construct a pointer, and storing to that garbage value will trigger a
segfault.
It's not safe to push back on a std::vector concurrently like
this. Switch to using tbb::concurrent_vector instead. I don't know why
this hasn't been a problem until now.
Reviewed By: colavitam
Differential Revision: D26643350
fbshipit-source-id: f333e001959129ae0a090fbeaac1f2e2897a2602
| hphp/runtime/base/apc-file-storage.h | diffblobblamehistory |