Race condition in UMutex code, leading to random crashes.

Description

We are seeing crashes that occur in ICU in some cases, using the code from the master branch.

From investigating, there is a race condition in the refactored UMutex code which was changed in ICU-20588.

The call stacks from the crashes generally look like the following:

The issue is in the getMutex() function.

If another thread interrupts in-between the first fMutex.load() and the second fMutex.load() calls, then the return value of retPtr can be nullptr, which will cause the Mutex wrapper to call lock() on a null pointer.
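To make the interleaving concrete, here is an added sketch of the double-load pattern the description refers to (a reconstruction of the shape, not ICU's actual UMutex code): `getMutexRacy` only uses the second load for the null test, so when another thread has already initialised fMutex in between, retPtr is returned still holding nullptr; `getMutexFixed` re-reads fMutex under the init lock and returns what it read. The `between` hook and `initFromOtherThread` are test scaffolding that stand in for the interrupting thread, so the race can be reproduced deterministically.

```cpp
#include <atomic>
#include <functional>
#include <mutex>

// Lazily-initialised mutex slot, shared by both versions below.
struct LazyMutex {
    std::atomic<std::mutex*> fMutex{nullptr};
    std::mutex initMutex;
    ~LazyMutex() { delete fMutex.load(std::memory_order_acquire); }
};

// Racy shape: the second load is only compared against nullptr, so retPtr
// is never refreshed when another thread won the initialisation race.
std::mutex* getMutexRacy(LazyMutex& m, const std::function<void()>& between) {
    std::mutex* retPtr = m.fMutex.load(std::memory_order_acquire);
    if (retPtr == nullptr) {
        if (between) between();  // stands in for another thread running here
        std::lock_guard<std::mutex> guard(m.initMutex);
        if (m.fMutex.load(std::memory_order_acquire) == nullptr) {
            retPtr = new std::mutex();
            m.fMutex.store(retPtr, std::memory_order_release);
        }
        // If the inner branch was skipped, retPtr is still nullptr here.
    }
    return retPtr;
}

// Fixed shape: re-read fMutex under initMutex and return that value.
std::mutex* getMutexFixed(LazyMutex& m, const std::function<void()>& between) {
    std::mutex* retPtr = m.fMutex.load(std::memory_order_acquire);
    if (retPtr == nullptr) {
        if (between) between();
        std::lock_guard<std::mutex> guard(m.initMutex);
        retPtr = m.fMutex.load(std::memory_order_acquire);
        if (retPtr == nullptr) {
            retPtr = new std::mutex();
            m.fMutex.store(retPtr, std::memory_order_release);
        }
    }
    return retPtr;
}

// Test scaffolding: performs the initialisation the interrupting thread
// would do before the caller reaches its second load.
void initFromOtherThread(LazyMutex& m) {
    std::lock_guard<std::mutex> guard(m.initMutex);
    if (m.fMutex.load(std::memory_order_acquire) == nullptr) {
        m.fMutex.store(new std::mutex(), std::memory_order_release);
    }
}
```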

Assignee

Jeff Genovy

Reporter

Jeff Genovy

Components

Labels

None

Reviewer

None

Priority

critical

Time Needed

None

Fix versions
