Race condition in transient bean resolution #449

Closed
seancorfield opened this Issue Sep 17, 2016 · 0 comments

Comments

Projects
None yet
1 participant
@seancorfield
Member

seancorfield commented Sep 17, 2016

Per @jcberquist on Slack:

I think that the way ioc.cfc uses an accumulatorCache that is stored in the variables scope can create a race condition in resolveBeanCreate(), at least with transient beans. Does the following make sense: when there are simultaneous requests for instances of a transient bean, those resolveBeanCreate() calls will be sharing an accumulator cache via the variables scope. resolveBeanCreate() calls itself to resolve dependencies, and each time it sets accumulator.bean to the desired instantiated bean. This means that every request for the original transient bean resolving at that time, if it is still in the resolveBeanCreate() method, gets its accumulator.bean value overwritten, which means it can return the wrong bean, or resolve its dependencies incorrectly (depending on where it is in the method).

I encountered this today with a transient bean (the app didn't get the right bean back and errored), and I am not sure if it could happen with singletons or not. But I saw it happen with the transients, and the above scenario is the only way (so far) I can see it happening.

@seancorfield seancorfield added the bug label Sep 17, 2016

@seancorfield seancorfield added this to the 4.0 milestone Sep 17, 2016

@seancorfield seancorfield self-assigned this Sep 17, 2016

seancorfield added a commit that referenced this issue Sep 17, 2016

Address #449 by not caching bean in accumulator
This modifies `resolveBeanCreate()` to no longer cache the bean in the
accumulator and instead return a fresh structure each time (whilst still
caching the other metadata from the accumulator).

This should solve the general problem but still leaves a potential edge
case when transients have transients as dependencies (because the
injected transients are still going to be cached... I think).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment