Concurrency security issues

 public List<RegisterBrokerResult> registerBrokerAll(
        final String clusterName,
        final String brokerAddr,
        final String brokerName,
        final long brokerId,
        final String haServerAddr,
        final TopicConfigSerializeWrapper topicConfigWrapper,
        final List<String> filterServerList,
        final boolean oneway,
        final int timeoutMills,
        final boolean compressed) {

        // Initialize a List to hold the registration result from each NameServer
        // Multi-threaded: won't this have a concurrency problem?
        final List<RegisterBrokerResult> registerBrokerResultList = Lists.newArrayList();

        // Get the NameServer address list
        List<String> nameServerAddressList =
                this.remotingClient.getNameServerAddressList();
        if (nameServerAddressList != null && nameServerAddressList.size() > 0) {

            // Build the request header and put a lot of information into it, such as BrokerId and BrokerName
            final RegisterBrokerRequestHeader requestHeader = new RegisterBrokerRequestHeader();
            requestHeader.setBrokerAddr(brokerAddr);
            requestHeader.setBrokerId(brokerId);
            requestHeader.setBrokerName(brokerName);
            requestHeader.setClusterName(clusterName);
            requestHeader.setHaServerAddr(haServerAddr);
            requestHeader.setCompressed(compressed);

            // Build the request body, which contains some configuration
            RegisterBrokerBody requestBody = new RegisterBrokerBody();
            requestBody.setTopicConfigSerializeWrapper(topicConfigWrapper);
            requestBody.setFilterServerList(filterServerList);
            final byte[] body = requestBody.encode(compressed);
            final int bodyCrc32 = UtilAll.crc32(body);
            requestHeader.setBodyCrc32(bodyCrc32);
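            // Use a CountDownLatch as a synchronization counter so that execution only continues
            // with the remaining logic after registration with all NameServers has completed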
            final CountDownLatch countDownLatch = new CountDownLatch(nameServerAddressList.size());
            // Iterate over the NameServer address list and register via the thread pool
            for (final String namesrvAddr : nameServerAddressList) {
                brokerOuterExecutor.execute(new Runnable() {
                    @Override
                    public void run() {
                        try {
                            // Call registerBroker to actually perform the registration
                            RegisterBrokerResult result = registerBroker(namesrvAddr, oneway, timeoutMills, requestHeader, body);
                            if (result != null) {
                                // Put the successful registration result into a List
                                registerBrokerResultList.add(result);
                            }

                            log.info("register broker[{}]to name server {} OK", brokerId, namesrvAddr);
                        } catch (Exception e) {
                            log.warn("registerBroker Exception, {}", namesrvAddr, e);
                        } finally {
                            // After registering, call countDownLatch.countDown() to decrement the synchronization counter by 1
                            countDownLatch.countDown();
                        }
                    }
                });
            }

            try {
                // Wait until registration with all NameServers has finished before returning the registration results
                countDownLatch.await(timeoutMills, TimeUnit.MILLISECONDS);
            } catch (InterruptedException e) {
            }
        }

        return registerBrokerResultList;
    }

final List<RegisterBrokerResult> registerBrokerResultList = Lists.newArrayList();

Does this code have concurrency security issues? I reproduced the code, conducted more than 100 experiments, and found that there is indeed a concurrency security problem.

And this is my original code: https://github.com/androidkaifa1/RocketMQTEST

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
francisoliverlee commented, Jul 24, 2020

registerBrokerResultList should be thread-safe, nice of u to fix it

0 reactions
CodeDeveloperC commented, Jul 24, 2020

@francisoliverlee Thanks for your answer. I have fixed it, and the link is https://github.com/apache/rocketmq/pull/2203

Here are my changes. Thank you!
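
An added example, not part of the original issue or the RocketMQ code base: a self-contained reproduction of the unsynchronized `ArrayList.add` from pool threads discussed above, next to the same fan-out using `CopyOnWriteArrayList` as one thread-safe choice. The class name, the `Integer` stand-in for `RegisterBrokerResult`, and the pool and workload sizes are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Hypothetical demo class; Integer stands in for RegisterBrokerResult.
public class RegisterResultRace {
    // Same shape as registerBrokerAll: one pool task per "NameServer", each adding
    // its result to the shared list, with a CountDownLatch gating the return.
    static int collect(List<Integer> results, int tasks, ExecutorService pool)
            throws InterruptedException {
        CountDownLatch latch = new CountDownLatch(tasks);
        for (int i = 0; i < tasks; i++) {
            final int id = i;
            pool.execute(() -> {
                try {
                    results.add(id); // the shared write under test
                } catch (RuntimeException e) {
                    // a racing ArrayList resize can throw ArrayIndexOutOfBoundsException
                } finally {
                    latch.countDown();
                }
            });
        }
        if (!latch.await(30, TimeUnit.SECONDS)) throw new IllegalStateException("tasks did not finish");
        return results.size(); // fewer than `tasks` means adds were lost
    }

    public static void main(String[] args) throws InterruptedException {
        final int tasks = 1000, rounds = 200; // constructed workload sizes
        ExecutorService pool = Executors.newFixedThreadPool(8);
        int badArrayList = 0, badCopyOnWrite = 0;
        for (int r = 0; r < rounds; r++) {
            if (collect(new ArrayList<>(), tasks, pool) != tasks) badArrayList++;
            if (collect(new CopyOnWriteArrayList<>(), tasks, pool) != tasks) badCopyOnWrite++;
        }
        pool.shutdown();
        // The ArrayList count varies from run to run; the CopyOnWriteArrayList count is always 0.
        System.out.println("ArrayList rounds with lost results: " + badArrayList + "/" + rounds);
        System.out.println("CopyOnWriteArrayList rounds with lost results: " + badCopyOnWrite + "/" + rounds);
    }
}
```

In `registerBrokerAll` the `await` call has a timeout, so the method can also return while worker tasks are still adding to the list, which is a second reason the list has to be safe for concurrent access.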
