Fix shared memory read mode potential issue #2032
Closed
Currently, when using SharedMemory, there are 2 issues for read mode.
They both accept the parameter AccessMode mode.
However, with the 1st constructor, SharedMemory::AM_READ should implicitly be called with server = false.
Notice that the parameter server has a default value = true.
It often confuses users who are NOT so familiar with Poco::SharedMemory, since if SharedMemory::AM_READ is used with the default value of server = true, it will make the system core dump.
Furthermore, for the example provided in SharedMemoryTest.cpp, only the function calls without setting server (with default value = true) are provided.
Hence making a call to
SharedMemory mem("hi", 4096, SharedMemory::AM_READ);
will lead to a system exception:
It requires the user to figure out that they should call
SharedMemory mem("hi", 4096, SharedMemory::AM_READ, 0, false);
by checking the source code themselves.
So the 1st proposed fix is to decide server by AccessMode, since read mode should not be master.
Please notice that the logic below is legal now.
This example will finally lead to a core dump when the child process tries to read out of a page (4096 here) boundary.
In fact, currently the size is not checked, so you can assign the reader a size which is larger than the writer (master). If it does NOT reach the limit of the boundary of a page, the over-assigned part will be filled with 0 by the OS for page alignment. However, once it exceeds the page boundary, we get a core dump. It is potentially dangerous.
Hence a fix is provided to compare the size and the file size; if the requested read size is larger than the actual size we have, we trim it to the actual size when updating the internal info of the mapped shared memory.
Users may still need to check the real mapped size, e.g. by looking at size_t allocated = p1->end() - p1->begin(). But at least the size will be a legal value instead of a casual one which could lead to a system crash.
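The two checks proposed above (a reader is never the server, and the requested size is trimmed to the size of the backing object) written out as a standalone C++ example. This is added illustration, not code from the PR or from Poco's SharedMemory; it maps a regular temporary file instead of a POSIX shared memory object so it runs anywhere, and the names serverFor, clampMappedSize, ReadOnlyMapping and demoClampedMapping are hypothetical.

```cpp
// Added example (not Poco's code): the two checks described in the PR,
// written as standalone helpers around POSIX file mapping.
#include <cstddef>
#include <cstdlib>
#include <cstdio>
#include <string>
#include <stdexcept>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

enum AccessMode { AM_READ = 0, AM_WRITE = 1 };

// Rule 1: a reader never owns the segment, so it must not create,
// truncate or unlink it. Only a writer may keep the requested server flag.
inline bool serverFor(AccessMode mode, bool requested = true)
{
    return mode == AM_WRITE && requested;
}

// Rule 2: never map more than the backing object actually holds.
inline std::size_t clampMappedSize(std::size_t requested, std::size_t actual)
{
    return requested > actual ? actual : requested;
}

// Read-only mapping whose length is trimmed to the real size of the
// backing file (fstat), so begin()/end() never span past what exists.
class ReadOnlyMapping
{
public:
    ReadOnlyMapping(const std::string& path, std::size_t requested):
        _addr(MAP_FAILED), _size(0)
    {
        int fd = ::open(path.c_str(), O_RDONLY);
        if (fd == -1) throw std::runtime_error("cannot open " + path);
        struct stat st;
        if (::fstat(fd, &st) != 0) { ::close(fd); throw std::runtime_error("fstat failed"); }
        _size = clampMappedSize(requested, static_cast<std::size_t>(st.st_size));
        if (_size == 0) { ::close(fd); throw std::runtime_error("backing object is empty"); }
        _addr = ::mmap(0, _size, PROT_READ, MAP_SHARED, fd, 0);
        ::close(fd);  // the mapping stays valid after the descriptor is closed
        if (_addr == MAP_FAILED) throw std::runtime_error("mmap failed");
    }
    ~ReadOnlyMapping() { if (_addr != MAP_FAILED) ::munmap(_addr, _size); }
    const char* begin() const { return static_cast<const char*>(_addr); }
    const char* end() const { return begin() + _size; }
    std::size_t size() const { return _size; }
private:
    ReadOnlyMapping(const ReadOnlyMapping&);
    ReadOnlyMapping& operator=(const ReadOnlyMapping&);
    void* _addr;
    std::size_t _size;
};

// Writes a constructed 26-byte file, then maps it asking for a whole page.
// Returns the number of bytes actually mapped (0 on any failure).
std::size_t demoClampedMapping()
{
    char path[] = "/tmp/shm_clamp_XXXXXX";   // constructed temp file
    int fd = ::mkstemp(path);
    if (fd == -1) return 0;
    const char payload[] = "constructed sample payload";  // 26 bytes
    std::size_t written = sizeof(payload) - 1;
    if (::write(fd, payload, written) != static_cast<ssize_t>(written))
    {
        ::close(fd); ::unlink(path); return 0;
    }
    ::close(fd);
    std::size_t mapped = 0;
    try
    {
        ReadOnlyMapping m(path, 4096);       // reader asks for a full page
        mapped = m.end() - m.begin();        // but only gets what exists
    }
    catch (const std::exception&) { mapped = 0; }
    ::unlink(path);
    return mapped;
}

int main()
{
    std::printf("server flag for AM_READ: %d\n", serverFor(AM_READ));
    std::printf("mapped %zu bytes\n", demoClampedMapping());
    return 0;
}
```

The reader still asks for 4096 bytes, but end() - begin() reports the trimmed length, which is the value the description says users should check instead of trusting the size they passed in.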