
"Use-after-free" race between workers and cleaner thread.

Open jrolli opened this issue 5 years ago • 0 comments

In ClearEpoch, the head_epoch_p is deallocated (bwtree.h:8442) even though there may be stale references that are about to attempt an atomic fetch_add on the object (bwtree.h:8091).

Although this race would be exceedingly rare, it would be safer to defer deallocation of the epoch to when current_epoch_p is unlinked in a future call to ClearEpoch.

jrolli, Jan 21 '20 14:01
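The deferral proposed in the issue, as an added example that is not BwTree's code or the reporter's: a simplified single-list model in which an unlinked epoch stays allocated until the epoch that was current at unlink time is itself unlinked. `Epoch`, `EpochList`, `grace`, `retired` and `stale_join_after_clear` are hypothetical names, and the interleaving is constructed and run on one thread so the outcome is deterministic.

```cpp
#include <atomic>
#include <cstddef>
#include <vector>

// Simplified single-list model; all names are hypothetical, not BwTree's.
struct Epoch {
    std::atomic<long> active{0};  // workers currently inside this epoch
    Epoch* next = nullptr;
    Epoch* grace = nullptr;       // epoch that was current when this one was unlinked
};

struct EpochList {
    Epoch* head;
    Epoch* current;
    std::vector<Epoch*> retired;  // unlinked from the list, still allocated

    EpochList() : head(new Epoch), current(head) {}
    ~EpochList() {
        for (Epoch* e : retired) delete e;
        while (head) { Epoch* n = head->next; delete head; head = n; }
    }
    void new_epoch() { Epoch* e = new Epoch; current->next = e; current = e; }

    // Cleaner pass. Returns how many epochs were actually deallocated.
    std::size_t clear_epoch() {
        std::size_t freed = 0;
        while (head != current && head->active.load() == 0) {
            Epoch* victim = head;
            head = victim->next;
            // The victim is leaving the list: release epochs that were waiting on it.
            for (auto it = retired.begin(); it != retired.end();) {
                if ((*it)->grace == victim) { delete *it; it = retired.erase(it); ++freed; }
                else ++it;
            }
            victim->grace = current;    // defer: free only once `current` is unlinked
            retired.push_back(victim);  // an immediate `delete victim` here is the reported race
        }
        return freed;
    }
};

// Constructed interleaving: a worker loads `current`, stalls, then does fetch_add.
long stale_join_after_clear() {
    EpochList list;
    Epoch* stale = list.current;        // worker read the pointer...
    list.new_epoch();
    list.clear_epoch();                 // ...and the cleaner unlinked that epoch in between
    return stale->active.fetch_add(1);  // memory is still allocated, so this is a valid access
}
```

In this model a worker that stalls across two cleaner passes would still reach freed memory, so the deferral narrows the window rather than tracking stale readers.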