Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix race condition in ReadableNativeMap #36201

Closed
wants to merge 1 commit into from
Closed

Fix race condition in ReadableNativeMap #36201

wants to merge 1 commit into from

Conversation

rshest
Copy link
Contributor

@rshest rshest commented Feb 17, 2023

Summary:
[Changelog][Internal]

Guard call to the C++ ReadableNAtiveMap.importValues with a lock.

Note that all the occurrences in this class (together with importTypes) already were protected by a lock, except of this one, which with the very high chance caused crashes in T145271136.

My corresponding comment from the task, for justification:

If callstack to be trusted, the crash happens on the C++ side, in ReadableNativeMap::importValues().
It throws ArrayIndexOutOfBoundsException, which, looking at the code, seems to be only possible due to a corrupted data or race conditions.

Now, looking at the Java side of ReadableNativeMap, and the particular call site... it's very dodgy, since all other occurrences of calling to native importTypes/importValues are guarded by locks, but the one crashing isn't.

NOTE: A couple of importKeys() instances appears to suffer from the same problem as well.

Reviewed By: javache

Differential Revision: D43398416

@facebook-github-bot facebook-github-bot added CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. p: Facebook Partner: Facebook Partner fb-exported labels Feb 17, 2023
@facebook-github-bot
Copy link
Contributor

This pull request was exported from Phabricator. Differential Revision: D43398416

@github-actions
Copy link

github-actions bot commented Feb 17, 2023
edited

Fails
🚫

📋 Missing Changelog - Can you add a Changelog? To do so, add a "## Changelog" section to your PR description. A changelog entry has the following format: [CATEGORY] [TYPE] - Message.

CATEGORY may be:
  • General
  • iOS
  • Android
  • JavaScript
  • Internal (for changes that do not need to be called out in the release notes)

TYPE may be:

  • Added, for new features.
  • Changed, for changes in existing functionality.
  • Deprecated, for soon-to-be removed features.
  • Removed, for now removed features.
  • Fixed, for any bug fixes.
  • Security, in case of vulnerabilities.

MESSAGE may answer "what and why" on a feature level. Use this to briefly tell React Native users about notable changes.

Generated by 🚫 dangerJS against 032ceb1

@analysis-bot
Copy link

analysis-bot commented Feb 17, 2023
edited

Platform Engine Arch Size (bytes) Diff
android hermes arm64-v8a 8,451,956 -92
android hermes armeabi-v7a 7,775,339 -88
android hermes x86 8,927,558 -90
android hermes x86_64 8,785,168 -97
android jsc arm64-v8a 6,668,753 +104
android jsc armeabi-v7a 7,462,720 +106
android jsc x86 9,192,880 +106
android jsc x86_64 6,893,882 +107

Base commit: ed8a3e0
Branch: main

@rshest @facebook-github-bot
Fix race condition in ReadableNativeMap (facebook#36201)
032ceb1 
Summary:
Pull Request resolved: facebook#36201

[Changelog][Internal]

Guard call to the C++ ReadableNAtiveMap.importValues with a lock.

Note that all the occurrences in this class (together with importTypes) already were protected by a lock, except of this one, which with the very high chance caused crashes in T145271136.

My corresponding comment from the task,  for justification:
> If callstack to be trusted, the crash happens on the C++ side, in ReadableNativeMap::importValues().
It throws ArrayIndexOutOfBoundsException, which, looking at the code, seems to be only possible due to a corrupted data or race conditions.

> Now, looking at the Java side of ReadableNativeMap, and the particular call site... it's very dodgy, since all other occurrences of calling to native importTypes/importValues are guarded by locks, but the one crashing isn't.

NOTE: A couple of `importKeys()` instances appears to suffer from the same problem as well.

Reviewed By: javache

Differential Revision: D43398416

fbshipit-source-id: 642a7d6b9e38ea7ee303c113a66f6a5c5fa38cdd
@facebook-github-bot
Copy link
Contributor

This pull request was exported from Phabricator. Differential Revision: D43398416

@facebook-github-bot facebook-github-bot added the Merged This PR has been merged. label Feb 17, 2023
@facebook-github-bot
Copy link
Contributor

This pull request has been merged in 9aac13d.

kelset pushed a commit that referenced this pull request Mar 28, 2023
@rshest @kelset
Fix race condition in ReadableNativeMap (#36201)
0d3c70b 
Summary:
Pull Request resolved: #36201

[Changelog][Internal]

Guard call to the C++ ReadableNAtiveMap.importValues with a lock.

Note that all the occurrences in this class (together with importTypes) already were protected by a lock, except of this one, which with the very high chance caused crashes in T145271136.

My corresponding comment from the task,  for justification:
> If callstack to be trusted, the crash happens on the C++ side, in ReadableNativeMap::importValues().
It throws ArrayIndexOutOfBoundsException, which, looking at the code, seems to be only possible due to a corrupted data or race conditions.

> Now, looking at the Java side of ReadableNativeMap, and the particular call site... it's very dodgy, since all other occurrences of calling to native importTypes/importValues are guarded by locks, but the one crashing isn't.

NOTE: A couple of `importKeys()` instances appears to suffer from the same problem as well.

Reviewed By: javache

Differential Revision: D43398416

fbshipit-source-id: 0402de5dc723a2fba7d0247c8ad4aeff150d8340
@snyk-bot snyk-bot mentioned this pull request Apr 19, 2023
Open
@NOUIY NOUIY mentioned this pull request Apr 25, 2023
Open
Kudo pushed a commit to expo/react-native that referenced this pull request May 17, 2023
@rshest @Kudo
Fix race condition in ReadableNativeMap (facebook#36201)
b0e59ee 
Summary:
Pull Request resolved: facebook#36201

[Changelog][Internal]

Guard call to the C++ ReadableNAtiveMap.importValues with a lock.

Note that all the occurrences in this class (together with importTypes) already were protected by a lock, except of this one, which with the very high chance caused crashes in T145271136.

My corresponding comment from the task,  for justification:
> If callstack to be trusted, the crash happens on the C++ side, in ReadableNativeMap::importValues().
It throws ArrayIndexOutOfBoundsException, which, looking at the code, seems to be only possible due to a corrupted data or race conditions.

> Now, looking at the Java side of ReadableNativeMap, and the particular call site... it's very dodgy, since all other occurrences of calling to native importTypes/importValues are guarded by locks, but the one crashing isn't.

NOTE: A couple of `importKeys()` instances appears to suffer from the same problem as well.

Reviewed By: javache

Differential Revision: D43398416

fbshipit-source-id: 0402de5dc723a2fba7d0247c8ad4aeff150d8340
(cherry picked from commit 0d3c70b)
OlimpiaZurek pushed a commit to OlimpiaZurek/react-native that referenced this pull request May 22, 2023
@rshest @OlimpiaZurek
Fix race condition in ReadableNativeMap (facebook#36201)
8e8366c 
Summary:
Pull Request resolved: facebook#36201

[Changelog][Internal]

Guard call to the C++ ReadableNAtiveMap.importValues with a lock.

Note that all the occurrences in this class (together with importTypes) already were protected by a lock, except of this one, which with the very high chance caused crashes in T145271136.

My corresponding comment from the task,  for justification:
> If callstack to be trusted, the crash happens on the C++ side, in ReadableNativeMap::importValues().
It throws ArrayIndexOutOfBoundsException, which, looking at the code, seems to be only possible due to a corrupted data or race conditions.

> Now, looking at the Java side of ReadableNativeMap, and the particular call site... it's very dodgy, since all other occurrences of calling to native importTypes/importValues are guarded by locks, but the one crashing isn't.

NOTE: A couple of `importKeys()` instances appears to suffer from the same problem as well.

Reviewed By: javache

Differential Revision: D43398416

fbshipit-source-id: 0402de5dc723a2fba7d0247c8ad4aeff150d8340
@cipolleschi cipolleschi mentioned this pull request Aug 16, 2023
Merged
@cipolleschi cipolleschi mentioned this pull request Sep 21, 2023
Merged
@cipolleschi cipolleschi mentioned this pull request Oct 11, 2023
Merged
@cipolleschi cipolleschi mentioned this pull request Nov 1, 2023
Merged
This was referenced Jan 8, 2024
Merged
Merged
@cipolleschi cipolleschi mentioned this pull request Mar 6, 2024
Merged
@cipolleschi cipolleschi mentioned this pull request Apr 5, 2024
Closed
@cipolleschi cipolleschi mentioned this pull request Apr 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. fb-exported Merged This PR has been merged. p: Facebook Partner: Facebook Partner
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rshest @facebook-github-bot @analysis-bot