Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UB on ResultIterator drop #153

Open
rukai opened this issue Nov 7, 2022 · 1 comment
Open

UB on ResultIterator drop #153

rukai opened this issue Nov 7, 2022 · 1 comment
Labels
bug help wanted

Comments

@rukai
Copy link
Contributor

rukai commented Nov 7, 2022
edited

If a ResultIterator is dropped while a Row it returned is still alive then we hit undefined behavior. I have seen this exposed as garbage data and segfaults.
Specifically cass_iterator_free is the underlying API call, its documentation does not say not to call it while children are alive, so not sure if its our bug or an upstream bug.

Specifically the driver version that exposed this issue to us was 0.16.2, the problem did not occur in 0.16.1.
Its likely caused by one of these performance PRs:
@rukai rukai mentioned this issue Nov 7, 2022
Merged
@kw217
Copy link
Collaborator

kw217 commented Nov 7, 2022

That's annoying. I suspect #101 would have fixed this if it was ever completed, but it doesn't look like that's happening. Thank you very much for diagnosing! From the comments, it looks like CassResult is supposed to last at least as long as ResultIterator, and also at least as long as Row. We didn't expect the iterator being freed to do anything to the row, as long as the CassResult was still held. Some tweaking of phantom fields is probably required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kw217 @rukai