Boost C++ Libraries: Ticket #9122: Reading and writing from/to the windows::stream_handle will cause blind stack writes

attachment set

smueller@… — Mon, 16 Sep 2013 22:31:52 GMT

attachment → win_iocp_handle_service.ipp.patch

Suggested fix (untested at time of post)

attachment set

smueller@… — Tue, 17 Sep 2013 20:50:50 GMT

attachment → win_iocp_handle_service.ipp.2.patch

patch from SVN head

smueller@… — Tue, 17 Sep 2013 21:31:23 GMT

This is a problem for most of the I/O calls used by the Windows implementation: WriteFile ReadFile WSASend WSARecv WSASendTo WSARecvFrom

Interestingly enough, AcceptEx does not have this problem. MSDN explicitly states that if AcceptEx returns ERROR_PENDING to indicate asynchronous completion, the bytes received parameter is not written to at all.

attachment set

smueller@… — Tue, 17 Sep 2013 21:33:01 GMT

attachment → win_iocp_socket_service_base.ipp.patch

Patch for SVN head of win_iocp_socket_service_base.ipp

smueller@… — Mon, 23 Sep 2013 18:58:32 GMT

Note that the first attachment, win_iocp_handle_service.ipp.patch, had the arguments reversed for diff. It's a rookie mistake, and for that I apologize. Please disregard that patch. The other two are good, though.

This is an important fix, as the cross-thread stack write is a notoriously evil bug to track down. I had this same bug in server code I am currently maintaining, and I managed by some massive luck to track it down. It can cause all manner of craziness that you'd never expect. In the best case, stack data after (before) the current frame on the thread is written. In the best fault case, you get a crash. In the worst case, you get completely unexpected program flow.

status changed; resolution set

chris_kohlhoff — Mon, 05 May 2014 08:50:38 GMT

status new → closed
resolution → invalid

This was followed up in private emails. It is not an issue.