Closed NKID00 closed 2 months ago
Version
latest commit on branch master (https://github.com/bytedance/monoio/commit/e7a6dc13d67831553bd55901f58b5f1fb436d625)
Platform
Linux 6.6
Description
There is a non-atomic compare-and-swap operation in monoio::task::state::State::drop_join_handle_fast, which can lead to race condition and use-after-free when JoinHandle is dropped concurrently.
Proof-of-concept that can cause segmentation fault.
This issue originates from my attempt to integrate monoio into OpenDAL (https://github.com/apache/opendal/pull/4944), where a ci fails at random.
Version
latest commit on branch master (https://github.com/bytedance/monoio/commit/e7a6dc13d67831553bd55901f58b5f1fb436d625)
Platform
Linux 6.6
Description
There is a non-atomic compare-and-swap operation in monoio::task::state::State::drop_join_handle_fast, which can lead to race condition and use-after-free when JoinHandle is dropped concurrently.
Proof-of-concept that can cause segmentation fault.
This issue originates from my attempt to integrate monoio into OpenDAL (https://github.com/apache/opendal/pull/4944), where a ci fails at random.