View Incident Report

Serious
Reported By: Jason Southwell
Reported On: 8/16/2016
For: Version 2.24 Build 2
# 4429 TEDBSession Component Can Experience an AV During Destruction via Component Removal Notifications

I found a source of our client AVs (code below).

When #1 is called, FDatabaseSection is freed.

When #2 is called, it causes a TEDBSession.RemoveDatabase call to be made which in turn tries to get a lock on an already freed FDatabaseSection.

destructor TEDBSession.Destroy;
begin
   SetConnected(False);
   FreeAndNil(FRemoteParams);
   FreeAndNil(FDatabaseSection); // <<==== #1
   if FAutoSessionName then
      Engine.PutSessionNumber(FSessionNumber);
   Engine.RemoveSession(Self);
   inherited Destroy; // <<===== #2
end;



Comments
The sequence is:

1) TEDBSession.Destroy called, critical section is freed, and inherited Destroy method is called.
2) All connected TEDBDatabase components are notified, and they set their SessionName to blank.
3) This results in the TEDBSession.RemoveDatabase method being called, which tries to access the critical section that has already been destroyed.

RemoveDatabase now checks to see if the session is being destroyed and, if so, it simply exits without doing anything.
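
A minimal console reproduction of the sequence above, added here as an illustration and not taken from the ElevateDB source. TDemoSession and TDemoDatabase are hypothetical stand-ins, and testing csDestroying in ComponentState is an assumed way of detecting that the session is being destroyed.

```delphi
program SessionTeardownGuard;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.Classes, System.SyncObjs;
type
  TDemoSession = class(TComponent)   // hypothetical stand-in, not TEDBSession
  private
    FLock: TCriticalSection;
  public
    constructor Create(AOwner: TComponent); override;
    destructor Destroy; override;
    procedure RemoveDatabase;
  end;
  TDemoDatabase = class(TComponent)  // hypothetical stand-in, not TEDBDatabase
  protected
    FSession: TDemoSession;
    procedure Notification(AComponent: TComponent; Operation: TOperation); override;
  end;

constructor TDemoSession.Create(AOwner: TComponent);
begin
  inherited Create(AOwner);
  FLock := TCriticalSection.Create;
end;
destructor TDemoSession.Destroy;
begin
  FreeAndNil(FLock);  // lock freed first, as in the reported destructor
  inherited Destroy;  // TComponent.Destroy now sends opRemove to subscribers
end;
procedure TDemoSession.RemoveDatabase;
begin
  if csDestroying in ComponentState then Exit;  // assumed form of the guard
  FLock.Acquire;  // without the guard: nil dereference during teardown
  FLock.Release;  // (list bookkeeping under the lock omitted)
end;
procedure TDemoDatabase.Notification(AComponent: TComponent; Operation: TOperation);
begin
  inherited Notification(AComponent, Operation);
  if (Operation <> opRemove) or (AComponent <> FSession) then Exit;
  FSession.RemoveDatabase;  // re-enters the session mid-destruction
  FSession := nil;
end;
var S: TDemoSession; D: TDemoDatabase;
begin
  S := TDemoSession.Create(nil);
  D := TDemoDatabase.Create(nil);
  D.FSession := S; S.FreeNotification(D);  // D is notified when S is destroyed
  S.Free;
  Writeln('detached without AV: ', D.FSession = nil);
  D.Free;
end.
```

Removing the guard line in RemoveDatabase makes S.Free raise an access violation, because the notification sent from the inherited destructor reaches the already-nil FLock.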


Resolution
Fixed Problem on 8/16/2016 in version 2.24 build 3


Products Affected
ElevateDB LCL Standard with Source
ElevateDB VCL Client-Server
ElevateDB VCL Client-Server with Source
ElevateDB VCL Standard
ElevateDB VCL Standard with Source
ElevateDB VCL Trial
