Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.9.3
-
None
Description
thrift_poll() for WINVER <= 0x0502 in thrift/windows/WinFnctl.cpp shadows the 'time_out' variable, and it ends up passing the destructed copy to select():
timeval time_out;
timeval* time_out_ptr = NULL;
if (timeout >= 0) {
timeval time_out =
;
time_out_ptr = &time_out;
} else
int sktready = select(1, read_fds_ptr, write_fds_ptr, NULL, time_out_ptr);
Stepping through this code in the debugger, it looks like MSVC reserves a large enough stack frame to avoid overwriting the variable when calling select(), which may be why this hasn't been caught yet.
Attachments
Issue Links
- links to