-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[C++] Fix potential crash caused by AckGroupTracker's timer #8519
Merged
codelipenghui
merged 4 commits into
apache:master
from
BewareMyPower:bewaremypower/fix-cpp-ack-group
Nov 12, 2020
Merged
[C++] Fix potential crash caused by AckGroupTracker's timer #8519
codelipenghui
merged 4 commits into
apache:master
from
BewareMyPower:bewaremypower/fix-cpp-ack-group
Nov 12, 2020
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BewareMyPower
changed the title
[C++] Fix potential crash caused by AckGroupTracker's timer
[WIP][C++] Fix potential crash caused by AckGroupTracker's timer
Nov 11, 2020
BewareMyPower
changed the title
[WIP][C++] Fix potential crash caused by AckGroupTracker's timer
[C++] Fix potential crash caused by AckGroupTracker's timer
Nov 11, 2020
BewareMyPower
changed the title
[C++] Fix potential crash caused by AckGroupTracker's timer
[WIP][C++] Fix potential crash caused by AckGroupTracker's timer
Nov 11, 2020
/pulsarbot run-failure-checks |
BewareMyPower
changed the title
[WIP][C++] Fix potential crash caused by AckGroupTracker's timer
[C++] Fix potential crash caused by AckGroupTracker's timer
Nov 11, 2020
jiazhai
approved these changes
Nov 12, 2020
/pulsarbot cherry-pick to branch-2.6 |
github-actions bot
pushed a commit
that referenced
this pull request
Nov 12, 2020
### Motivation The `AckGroupingTrackerEnabled`'s timer callback only captures `this`, which is a weak reference to the `AckGroupingTrackerEnabled ` instance. If the instance went out of the scope and destroyed, `this` would point to an invalid block. Even if the destructor of `AckGroupingTrackerEnabled` cancels the timer, the callback may not be triggered immediately. There's still a possibility that when the callback is triggered, the error code is 0 but accessing to `this` is invalid. For example, there's a crash caused by the callback in production environment that is hard to reproduce: ``` #6 <signal handler called> #7 0x00007fb4e67c5cb8 in ?? () #8 0x00007fb604981adb in operator() (ec=..., __closure=0x7fb52b0fb230) at /usr/local/src/apache-pulsar-microfocus/pulsar-client-cpp/lib/AckGroupingTrackerEnabled.cc:148 #9 operator() (this=0x7fb52b0fb230) at /usr/local/include/boost/asio/detail/bind_handler.hpp:47 ``` ### Modifications - Use `std::shared_ptr` instead of `std::unique_ptr` for `AckGroupingTrackerEnabled`, then capture the shared pointer in timer callback's lambda expression to extend the lifetime of `this`. - Add `start()` method to `AckGroupingTracker` to avoid `std::bad_weak_ptr` because `shared_from_this()` in a constructor returns a null pointer. - Use `std::weak_ptr` to reference `HandlerBase` in case that the handler may be invalid when the timer callback is triggered.
codelipenghui
pushed a commit
that referenced
this pull request
Nov 12, 2020
### Motivation The `AckGroupingTrackerEnabled`'s timer callback only captures `this`, which is a weak reference to the `AckGroupingTrackerEnabled ` instance. If the instance went out of the scope and destroyed, `this` would point to an invalid block. Even if the destructor of `AckGroupingTrackerEnabled` cancels the timer, the callback may not be triggered immediately. There's still a possibility that when the callback is triggered, the error code is 0 but accessing to `this` is invalid. For example, there's a crash caused by the callback in production environment that is hard to reproduce: ``` #6 <signal handler called> #7 0x00007fb4e67c5cb8 in ?? () #8 0x00007fb604981adb in operator() (ec=..., __closure=0x7fb52b0fb230) at /usr/local/src/apache-pulsar-microfocus/pulsar-client-cpp/lib/AckGroupingTrackerEnabled.cc:148 #9 operator() (this=0x7fb52b0fb230) at /usr/local/include/boost/asio/detail/bind_handler.hpp:47 ``` ### Modifications - Use `std::shared_ptr` instead of `std::unique_ptr` for `AckGroupingTrackerEnabled`, then capture the shared pointer in timer callback's lambda expression to extend the lifetime of `this`. - Add `start()` method to `AckGroupingTracker` to avoid `std::bad_weak_ptr` because `shared_from_this()` in a constructor returns a null pointer. - Use `std::weak_ptr` to reference `HandlerBase` in case that the handler may be invalid when the timer callback is triggered. (cherry picked from commit cfa65d0)
cherry-picked to branch-2.6 |
codelipenghui
pushed a commit
to streamnative/pulsar-archived
that referenced
this pull request
Nov 13, 2020
) ### Motivation The `AckGroupingTrackerEnabled`'s timer callback only captures `this`, which is a weak reference to the `AckGroupingTrackerEnabled ` instance. If the instance went out of the scope and destroyed, `this` would point to an invalid block. Even if the destructor of `AckGroupingTrackerEnabled` cancels the timer, the callback may not be triggered immediately. There's still a possibility that when the callback is triggered, the error code is 0 but accessing to `this` is invalid. For example, there's a crash caused by the callback in production environment that is hard to reproduce: ``` #6 <signal handler called> #7 0x00007fb4e67c5cb8 in ?? () #8 0x00007fb604981adb in operator() (ec=..., __closure=0x7fb52b0fb230) at /usr/local/src/apache-pulsar-microfocus/pulsar-client-cpp/lib/AckGroupingTrackerEnabled.cc:148 #9 operator() (this=0x7fb52b0fb230) at /usr/local/include/boost/asio/detail/bind_handler.hpp:47 ``` ### Modifications - Use `std::shared_ptr` instead of `std::unique_ptr` for `AckGroupingTrackerEnabled`, then capture the shared pointer in timer callback's lambda expression to extend the lifetime of `this`. - Add `start()` method to `AckGroupingTracker` to avoid `std::bad_weak_ptr` because `shared_from_this()` in a constructor returns a null pointer. - Use `std::weak_ptr` to reference `HandlerBase` in case that the handler may be invalid when the timer callback is triggered. (cherry picked from commit cfa65d0) (cherry picked from commit 98591c4)
flowchartsman
pushed a commit
to flowchartsman/pulsar
that referenced
this pull request
Nov 17, 2020
) ### Motivation The `AckGroupingTrackerEnabled`'s timer callback only captures `this`, which is a weak reference to the `AckGroupingTrackerEnabled ` instance. If the instance went out of the scope and destroyed, `this` would point to an invalid block. Even if the destructor of `AckGroupingTrackerEnabled` cancels the timer, the callback may not be triggered immediately. There's still a possibility that when the callback is triggered, the error code is 0 but accessing to `this` is invalid. For example, there's a crash caused by the callback in production environment that is hard to reproduce: ``` #6 <signal handler called> apache#7 0x00007fb4e67c5cb8 in ?? () apache#8 0x00007fb604981adb in operator() (ec=..., __closure=0x7fb52b0fb230) at /usr/local/src/apache-pulsar-microfocus/pulsar-client-cpp/lib/AckGroupingTrackerEnabled.cc:148 apache#9 operator() (this=0x7fb52b0fb230) at /usr/local/include/boost/asio/detail/bind_handler.hpp:47 ``` ### Modifications - Use `std::shared_ptr` instead of `std::unique_ptr` for `AckGroupingTrackerEnabled`, then capture the shared pointer in timer callback's lambda expression to extend the lifetime of `this`. - Add `start()` method to `AckGroupingTracker` to avoid `std::bad_weak_ptr` because `shared_from_this()` in a constructor returns a null pointer. - Use `std::weak_ptr` to reference `HandlerBase` in case that the handler may be invalid when the timer callback is triggered.
saosir
pushed a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) ### Motivation - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) ### Modifications - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
saosir
pushed a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
saosir
added a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled` [C++] Fix potential crash caused by UnAckedMessageTrackerEnabled's timer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
saosir
added a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled` [C++] Fix potential crash caused by UnAckedMessageTrackerEnabled's timer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
saosir
added a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled` [C++] Fix potential crash caused by UnAckedMessageTrackerEnabled's timer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
saosir
added a commit
to saosir/pulsar
that referenced
this pull request
Nov 30, 2020
…mer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled` [C++] Fix potential crash caused by UnAckedMessageTrackerEnabled's timer(issue like #apache#8519) - pulsar-client-cpp Consumer do AcknowledgeCumulative just clean up `msgId`, not <= `msgId` in `UnAckedMessageTrackerEnabled::removeMessagesTill` - potential crash caused by UnAckedMessageTrackerEnabled's timer(see issue like apache#8519) - When do AcknowledgeCumulative from application, earse <= `msgId` in UnAckedMessageTrackerEnabled, avoid redeliver unnecessary unacknowledged messages to Broker - Use std::shared_ptr instead of std::unique_ptr for UnAckedMessageTrackerEnabled - add `start()`, `close()` method to `UnAckedMessageTrackerEnabled` solve same issue see apache#8519 - add `isEmpty()`, `size()` method to `UnAckedMessageTrackerEnabled` for checking of test case - when close `UnAckedMessageTrackerEnabled` and `AckGroupingTrackerEnabled`, reset shared_ptr `timer_` - add unit test for `UnAckedMessageTrackerEnabled`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
The
AckGroupingTrackerEnabled
's timer callback only capturesthis
, which is a weak reference to theAckGroupingTrackerEnabled
instance. If the instance went out of the scope and destroyed,this
would point to an invalid block.Even if the destructor of
AckGroupingTrackerEnabled
cancels the timer, the callback may not be triggered immediately. There's still a possibility that when the callback is triggered, the error code is 0 but accessing tothis
is invalid. For example, there's a crash caused by the callback in production environment that is hard to reproduce:Modifications
std::shared_ptr
instead ofstd::unique_ptr
forAckGroupingTrackerEnabled
, then capture the shared pointer in timer callback's lambda expression to extend the lifetime ofthis
.start()
method toAckGroupingTracker
to avoidstd::bad_weak_ptr
becauseshared_from_this()
in a constructor returns a null pointer.std::weak_ptr
to referenceHandlerBase
in case that the handler may be invalid when the timer callback is triggered.Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.