Skip to content

Fix ReusableStringStream to access the container under the lock#3031

Merged
horenmar merged 1 commit intocatchorg:develfrom
dunhor:devel
Sep 25, 2025
Merged

Fix ReusableStringStream to access the container under the lock#3031
horenmar merged 1 commit intocatchorg:develfrom
dunhor:devel

Conversation

@dunhor
Copy link
Contributor

@dunhor dunhor commented Sep 24, 2025
edited
Loading

Description

Commit 582200a made ReusableStringStream's index reservation thread safe, however it's still accessing the m_streams vector outside the lock. This makes it so that the add call returns the pointer in addition to the index so that the lock doesn't need to get acquired again until destruction.

The issue with accessing m_streams outside the lock is that add can call push_back on the vector, which might re-allocate. If this re-allocation occurs concurrently with anther thread trying to index into this array, you get UB (typically a null pointer read).

@dunhor dunhor mentioned this pull request Sep 24, 2025
Closed
@codecov
Copy link

codecov bot commented Sep 24, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.77%. Comparing base (b626e4c) to head (e880ebb).
⚠️ Report is 1 commits behind head on devel.

Additional details and impacted files 
@@           Coverage Diff           @@
##            devel    #3031   +/-   ##
=======================================
  Coverage   90.77%   90.77%           
=======================================
  Files         201      201           
  Lines        8707     8707           
=======================================
  Hits         7903     7903           
  Misses        804      804
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dunhor
Copy link
Contributor Author

dunhor commented Sep 24, 2025
edited
Loading

Hmm. I applied the patch to our build, but now ASan happened to hit a double free. I'll need to investigate this some more.

https://dev.azure.com/msft-wil/3aea0394-d119-4b82-84fa-a5186532efe9/_apis/build/builds/1419/logs/56

@dunhor
Copy link
Contributor Author

dunhor commented Sep 25, 2025

Hmm. I applied the patch to our build, but now ASan happened to hit a double free. I'll need to investigate this some more.

https://dev.azure.com/msft-wil/3aea0394-d119-4b82-84fa-a5186532efe9/_apis/build/builds/1419/logs/56

Woops, I'm dumb. The thread support needs to be explicitly enabled. Still, this is a legitimate bug since concurrent access to the vector is unsafe as another thread can be calling push_back at the same time.

@horenmar
Copy link
Member

horenmar commented Sep 25, 2025

Thanks, I completely missed the potential for resize when figuring out where to take the lock.

@horenmar horenmar merged commit f7e7fa0 into catchorg:devel Sep 25, 2025
84 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

BugFix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dunhor @horenmar