Potential race condition in `WebSocketListenerFlowAdapter.onClose()`

joffrey-bion / krossbow

A Kotlin multiplatform coroutine-based STOMP client over websockets, with built-in conversions.

MIT License

196 stars 14 forks source link

Potential race condition in `WebSocketListenerFlowAdapter.onClose()` #477

Closed joffrey-bion closed 5 months ago

joffrey-bion commented 5 months ago

What happened?

The isClosedForSend check doesn't guarantee that the subsequent send() of the Close frame is safe. Someone could concurrently call other functions like onClose() itself, or onError, which could close or fail the channel between the check and the send.

Reproduction and additional details

No response

Krossbow version

5.12.0

Krossbow modules

krossbow-websocket-core

Kotlin version

1.9.23

Kotlin target platforms

All targets / irrelevant

joffrey-bion commented 5 months ago

This is irrelevant, as the whole WebSocketListenerFlowAdapter class is not thread-safe anyway, and synchronization must happen on the caller's side.