Threading issues with nls_msg_get_W2 under heavy load
The implementation of nls_msg_get_W2 uses a 2D array of wchar's – it's currently configured to store 8 strings of 5120 characters each. Each time a call is made to this method the next string in the array is populated with data and is returned. When the code gets to the 8th string it wraps back around and uses the first one.
This method is thread-safe – a mutex only allows one thread to request a string at a time. Nevertheless, the method has a threading vulnerability in that it returns pointers to the 2D wchar array. If the load is high enough (i.e. the number of active threads calling this method is high), then at some point another thread will request a string that causes the 2D array position to wrap back to a string that's currently being held and processed by another thread. The new thread will overwrite the string, resulting in an access violation in the other thread.
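The failure mode described above can be reproduced without any thread timing. The following is an added example, not the project's code and not the change made in r5117. The names `msg_get_shared` and `msg_get_copy` and the "message N" formatting are hypothetical stand-ins. It shows the rotating-buffer pattern next to a variant where the caller owns the storage.

```c
#include <pthread.h>
#include <stdio.h>
#include <wchar.h>

#define SLOTS    8      /* per the ticket: 8 strings ... */
#define SLOT_LEN 5120   /* ... of 5120 wide characters each */

static wchar_t ring[SLOTS][SLOT_LEN];
static unsigned next_slot;
static pthread_mutex_t ring_lock = PTHREAD_MUTEX_INITIALIZER;

/* Pattern from the ticket: the mutex covers slot selection and the write,
 * but the returned pointer into the shared array outlives the lock. */
const wchar_t *msg_get_shared(int id)
{
    pthread_mutex_lock(&ring_lock);
    wchar_t *slot = ring[next_slot];
    next_slot = (next_slot + 1) % SLOTS;
    swprintf(slot, SLOT_LEN, L"message %d", id);
    pthread_mutex_unlock(&ring_lock);
    return slot;
}

/* Caller-owned storage: nothing shared is returned. 0 on success, -1 on error. */
int msg_get_copy(int id, wchar_t *out, size_t out_len)
{
    if (out == NULL || out_len == 0) return -1;
    if (swprintf(out, out_len, L"message %d", id) < 0) { out[0] = L'\0'; return -1; }
    return 0;
}

/* Hold one result, make SLOTS more calls (as other threads would under load). */
int held_pointer_clobbered(void)
{
    const wchar_t *held = msg_get_shared(1);
    for (int i = 0; i < SLOTS; i++) msg_get_shared(100 + i);
    return wcscmp(held, L"message 1") != 0;   /* 1: slot was reused */
}

/* Same sequence with caller-owned buffers: the held string is untouched. */
int held_copy_clobbered(void)
{
    wchar_t mine[64], other[64];
    if (msg_get_copy(1, mine, 64) != 0) return -1;
    for (int i = 0; i < SLOTS; i++) msg_get_copy(100 + i, other, 64);
    return wcscmp(mine, L"message 1") != 0;   /* 0: still intact */
}

int main(void) { printf("%d %d\n", held_pointer_clobbered(), held_copy_clobbered()); return 0; }
```

In a real lookup, any shared catalog state would still be read under the mutex while the result is copied into the caller's buffer.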
Change History
Resolution: → fixed
Status: assigned → closed
Fix submitted to trunk stream with r5117.