Foundation: make Logger::shutdown() channel-detach instead of map-reset (fix UAF) #5326
Closed
SAY-5 wants to merge 1 commit into pocoproject:main from
…et (fix UAF)
Logger::shutdown() previously did:
    void Logger::shutdown()
    {
        Mutex::ScopedLock lock(_mapMtx);
        _pLoggerMap.reset();
    }
shutdown() is called from LoggingSubsystem::uninitialize(), which runs
before the destruction of static singletons that registered via
atexit. Those singletons frequently cache a Logger& obtained from
Logger::get() during construction (the canonical pattern recommended
in the Poco samples and used widely by downstream code). Once the
logger map is torn down, every such cached reference is dangling, and
the first log call from a static destructor hits a heap-use-after-free.
Switch shutdown() to detach the channel from every Logger rather than
destroying them. logImpl() already short-circuits on `if (_pChannel)`,
so once the channel is null all further logging from a Logger is a
cheap no-op and the reference stays valid. The map itself is released
at real program exit when the static _pLoggerMap is destroyed; no
long-lived singleton can touch it between shutdown() and that point.
Fixes pocoproject#5324
Fixes #5324.

`Logger::shutdown()` previously did:

`shutdown()` is called from `LoggingSubsystem::uninitialize()`, which runs before the destruction of static singletons that registered via `atexit`. Those singletons frequently cache a `Logger&` obtained from `Logger::get()` during construction — the canonical pattern recommended in the Poco samples and used widely by downstream code. Once the logger map is torn down, every such cached reference is dangling, and the first log call from a static destructor hits a heap-use-after-free.

This switches `shutdown()` to detach the channel from every Logger rather than destroying them. `logImpl()` already short-circuits on `if (_pChannel)`, so once the channel is null all further logging from a Logger is a cheap no-op and the reference stays valid. The map itself is released at real program exit when the static `_pLoggerMap` is destroyed; no long-lived singleton can touch it between `shutdown()` and that point.
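
The lifetime problem and the fix described above, as an added example that is not part of the PR or of Poco's code: a minimal model in which `Channel`, `MiniLogger`, `Registry` and `lateLogIsSafe` are hypothetical stand-ins. A `std::weak_ptr` plays the role of the cached `Logger&`, so the dangling case is observed without dereferencing freed memory.

```cpp
// Added illustration, not Poco's code: Channel, MiniLogger, Registry are hypothetical.
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Channel { std::vector<std::string> lines; };  // records delivered messages

struct MiniLogger {
    std::shared_ptr<Channel> channel;
    // Same guard the PR relies on: with no channel, logging is a no-op.
    bool log(const std::string& msg) {
        if (!channel) return false;
        channel->lines.push_back(msg);
        return true;
    }
};

class Registry {
    using Map = std::map<std::string, std::shared_ptr<MiniLogger>>;
    std::unique_ptr<Map> _map = std::make_unique<Map>();
public:
    // Owning handle; callers in the real pattern keep only a Logger&.
    std::shared_ptr<MiniLogger>& slot(const std::string& name) {
        auto& p = (*_map)[name];
        if (!p) p = std::make_shared<MiniLogger>();
        return p;
    }
    void shutdownReset() { _map.reset(); }            // old: every logger destroyed
    void shutdownDetach() {                           // new: loggers stay, channel dropped
        for (auto& kv : *_map) kv.second->channel.reset();
    }
};

// True if a logger cached before shutdown is still alive afterwards and a late
// log call is a harmless no-op. A weak_ptr stands in for the cached Logger& so
// the dangling case is observed without touching freed memory.
bool lateLogIsSafe(bool detach) {
    Registry reg;
    auto ch = std::make_shared<Channel>();
    reg.slot("app")->channel = ch;
    std::weak_ptr<MiniLogger> cached = reg.slot("app");
    if (detach) reg.shutdownDetach(); else reg.shutdownReset();
    auto p = cached.lock();
    if (!p) return false;                             // a raw Logger& would now dangle
    return !p->log("from static destructor") && ch->lines.empty();
}
```

With the map-reset strategy the probe expires, which is the state in which a real cached `Logger&` would point at freed heap; with channel-detach the object stays alive and the late call delivers nothing.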