Details
Bug
Status: Closed
Major
Resolution: Fixed
0.5, 0.6
None
Description
There is a race condition in the use of Bounds in SessionImpl::sendFrame. This function sends the frame first, then calls Bounds::expand(). But it's possible the network thread calls Bounds::reduce() between sending the frame and calling expand. If the Bounds::current value is 0, that reduce() is lost. If enough reduce() calls are lost in this way, eventually we will deadlock.
In investigating this, it also became clear that the connection frames weren't correctly accounted for (i.e. the bounds are never expanded for connection frames, though they are included in the byte count passed in on reduce()). Though this shouldn't actually cause any problem, it is logically incorrect, unintuitive and could mask problems that are hard to diagnose.
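The interleaving described above can be replayed deterministically. This is an added example, not Qpid code: `ModelBounds`, `replay` and the schedule helpers are hypothetical names, the clamp-at-zero behaviour of `reduce()` is an assumption drawn from the description, and the expand-before-send ordering is shown only for comparison.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified single-threaded model (assumption; not Qpid's Bounds class).
struct ModelBounds {
    std::size_t current = 0;
    void expand(std::size_t n) { current += n; }
    // Assumed to clamp at zero: with current == 0 the subtraction is lost.
    void reduce(std::size_t n) { current -= std::min(n, current); }
};

enum class Op { Send, Expand, Reduce };
struct Event { Op op; std::size_t bytes; };
struct Result {
    std::size_t phantom;  // bytes still counted although nothing is in flight
    bool underAccounted;  // sent bytes exceeded counted bytes at some step
};

// Replays one fixed interleaving of the sender and network threads.
Result replay(const std::vector<Event>& schedule) {
    ModelBounds b;
    std::size_t inFlight = 0;  // handed to the transport, not yet written
    bool under = false;
    for (const Event& e : schedule) {
        if (e.op == Op::Send) inFlight += e.bytes;
        if (e.op == Op::Expand) b.expand(e.bytes);
        if (e.op == Op::Reduce) {
            inFlight -= std::min(e.bytes, inFlight);
            b.reduce(e.bytes);
        }
        if (inFlight > b.current) under = true;
    }
    std::size_t phantom = b.current > inFlight ? b.current - inFlight : 0;
    return Result{phantom, under};
}

// Constructed schedules for one frame of n bytes.
std::vector<Event> sendThenExpandRaced(std::size_t n) {
    return {{Op::Send, n}, {Op::Reduce, n}, {Op::Expand, n}};
}
std::vector<Event> expandThenSend(std::size_t n) {
    return {{Op::Expand, n}, {Op::Send, n}, {Op::Reduce, n}};
}

int main() {
    Result bad = replay(sendThenExpandRaced(512));
    std::printf("raced: phantom=%zu underAccounted=%d\n", bad.phantom, int(bad.underAccounted));
}
```

The `underAccounted` flag also trips for a send-then-expand schedule in which the reduce() arrives late, so the same check flags the ordering even on runs where the race does not hit.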