Fix potential race condition on m_direntLookup initialization.

Reading and writing in the same time to a unique_ptr is not thread safe. So the first read in `getDirent` (not lock protected) is a potential race condition as we can also write to it (lock protected). This is sad but we have to always get a lock to get the direntLookup. Fix #945
openzim · Feb 7, 2025 · 433e1b4 · 433e1b4
1 parent 88205b9
commit 433e1b4
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/src/fileimpl.cpp b/src/fileimpl.cpp
@@ -294,14 +294,12 @@ class Grouping
     //    in the call stack.
     // 2. With `glibc` an exceptional execution of `std::call_once` doesn't
     //    unlock the mutex associated with the `std::once_flag` object.
+    std::lock_guard<std::mutex> lock(m_direntLookupCreationMutex);
     if ( !m_direntLookup ) {
-      std::lock_guard<std::mutex> lock(m_direntLookupCreationMutex);
-      if ( !m_direntLookup ) {
-        if (m_direntLookupSize == 0) {
-          m_direntLookup = std::make_unique<DirentLookup>(mp_pathDirentAccessor.get());
-        } else {
-          m_direntLookup = std::make_unique<FastDirentLookup>(mp_pathDirentAccessor.get(), m_direntLookupSize);
-        }
+      if (m_direntLookupSize == 0) {
+        m_direntLookup = std::make_unique<DirentLookup>(mp_pathDirentAccessor.get());
+      } else {
+        m_direntLookup = std::make_unique<FastDirentLookup>(mp_pathDirentAccessor.get(), m_direntLookupSize);
       }
     }
     return *m_direntLookup;