rdsn: fix asio_rpc_session bug which may cause double free (#115)

apache · Jun 29, 2018 · 044ce72 · 044ce72
1 parent ea6541c
commit 044ce72
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 14 deletions.
diff --git a/include/dsn/c/api_utilities.h b/include/dsn/c/api_utilities.h
@@ -36,6 +36,7 @@
 #pragma once
 
 #include <dsn/c/api_common.h>
+#include <dsn/utility/ports.h>
 
 /*!
 @defgroup logging Logging Service

diff --git a/include/dsn/utility/autoref_ptr.h b/include/dsn/utility/autoref_ptr.h
@@ -46,15 +46,18 @@ class ref_counter
 
     virtual ~ref_counter()
     {
-        if (_magic != 0xdeadbeef) { // 3735928559
-            assert(!"memory corrupted, could be double free or others");
-        } else {
-            _magic = 0xfacedead; // 4207861421
-        }
+        // 0xdeadbeef: 3735928559
+        assert(_magic == 0xdeadbeef);
+
+        // 0xfacedead: 4207861421
+        _magic = 0xfacedead;
     }
 
     void add_ref()
     {
+        // 0xdeadbeef: 3735928559
+        assert(_magic == 0xdeadbeef);
+
         // Increasing the reference counter can always be done with memory_order_relaxed:
         // New references to an object can only be formed from an existing reference,
         // and passing an existing reference from one thread to another must already provide any
@@ -64,6 +67,9 @@ class ref_counter
 
     void release_ref()
     {
+        // 0xdeadbeef: 3735928559
+        assert(_magic == 0xdeadbeef);
+
         // It is important to enforce any possible access to the object in one thread
         //(through an existing reference) to happen before deleting the object in a different
         // thread.

diff --git a/include/dsn/utility/endians.h b/include/dsn/utility/endians.h
@@ -5,8 +5,8 @@
 #pragma once
 
 #include <cstdint>
+#include <cassert>
 #include <endian.h>
-#include <dsn/service_api_c.h>
 #include <dsn/utility/string_view.h>
 
 namespace dsn {
@@ -57,7 +57,7 @@ class data_output
     void ensure(size_t sz)
     {
         size_t cap = _end - _ptr;
-        dassert(cap >= sz, "capacity %zu is not enough for %zu", cap, sz);
+        assert(cap >= sz);
     }
 
 private:
@@ -107,10 +107,7 @@ class data_input
         _size -= sz;
     }
 
-    void ensure(size_t sz)
-    {
-        dassert(_size >= sz, " content(%zu) is not enough for reading %zu size", _size, sz);
-    }
+    void ensure(size_t sz) { assert(_size >= sz); }
 
 private:
     const char *_p{nullptr};

diff --git a/src/core/tools/common/asio_net_provider.cpp b/src/core/tools/common/asio_net_provider.cpp
@@ -137,7 +137,10 @@ void asio_network_provider::do_accept()
                                      (std::shared_ptr<boost::asio::ip::tcp::socket> &)socket,
                                      null_parser,
                                      false);
-            this->on_server_session_accepted(s);
+            on_server_session_accepted(s);
+
+            // we should start read immediately after the rpc session is completely created.
+            s->start_read_next();
         }
 
         do_accept();

diff --git a/src/core/tools/common/asio_rpc_session.cpp b/src/core/tools/common/asio_rpc_session.cpp
@@ -170,8 +170,6 @@ asio_rpc_session::asio_rpc_session(asio_network_provider &net,
     : rpc_session(net, remote_addr, parser, is_client), _socket(socket)
 {
     set_options();
-    if (!is_client)
-        start_read_next();
 }
 
 void asio_rpc_session::on_failure(bool is_write)

diff --git a/src/core/tools/common/thrift_message_parser.cpp b/src/core/tools/common/thrift_message_parser.cpp
@@ -268,6 +268,7 @@ dsn::message_ex *thrift_message_parser::parse_message(const thrift_message_heade
 
     dsn_hdr->id = seqid;
     strncpy(dsn_hdr->rpc_name, fname.c_str(), DSN_MAX_TASK_CODE_NAME_LENGTH);
+    dsn_hdr->rpc_name[DSN_MAX_TASK_CODE_NAME_LENGTH - 1] = '\0';
     dsn_hdr->gpid.set_app_id(thrift_header.app_id);
     dsn_hdr->gpid.set_partition_index(thrift_header.partition_index);
     dsn_hdr->client.timeout_ms = thrift_header.client_timeout;