[GH-ISSUE #633] Potential atomic violation in S3fsCurl::AddUserAgent #363

New issue

Closed

opened 2026-03-04 01:44:45 +03:00 by kerem · 1 comment

kerem commented

2026-03-04 01:44:45 +03:00

Owner

Originally created by @ITWOI on GitHub (Aug 29, 2017).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/633

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.

Version of s3fs being used (s3fs --version)
Master Branch
Version of fuse being used (pkg-config --modversion fuse)
N/A
System information (uname -a)
N/A
Distro (cat /etc/issue)
N/A

Details about issue

Hi all,

Our bug scanner has reported a race condition issue from curl.cpp#L1486 to curl.cpp#L1495

Followings are code snippets.

bool S3fsCurl::AddUserAgent(CURL* hCurl)
{
    ...
    static bool   init = false;
    if(!init){
      strua =  "s3fs/";
      strua += VERSION;
      strua += " (commit hash ";
      strua += COMMIT_HASH_VAL;
      strua += "; ";
      strua += s3fs_crypt_lib_name();
      strua += ")";
      init = true;
    }
    ...
}

Note that init is a static variable and the function AddUserAgent could be executed parallelly. Therefore, when two threads reach the if(!init) simultaneously, they are all true and then begin to construct the string strua. However, they could corrupt the strua, leading to confused information.

A possible call trace could be as follows:

S3fsMultiCurl::MultiPerform creates two or more threads that execute S3fsMultiCurl::RequestPerformWrapper. Then S3fsMultiCurl::RequestPerformWrapper calls S3fsCurl::RequestPerform. At the end of S3fsCurl::RequestPerform, it calls S3fsCurl::AddUserAgent(hCurl).

SourceBrella Inc.,
Yu

Originally created by @ITWOI on GitHub (Aug 29, 2017). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/633 #### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ - Version of s3fs being used (s3fs --version) - Master Branch - Version of fuse being used (pkg-config --modversion fuse) - N/A - System information (uname -a) - N/A - Distro (cat /etc/issue) - N/A #### Details about issue Hi all, Our bug scanner has reported a race condition issue from [curl.cpp#L1486](https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/curl.cpp#L1486) to [curl.cpp#L1495](https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/curl.cpp#L1495) Followings are code snippets. ```c++ bool S3fsCurl::AddUserAgent(CURL* hCurl) { ... static bool init = false; if(!init){ strua = "s3fs/"; strua += VERSION; strua += " (commit hash "; strua += COMMIT_HASH_VAL; strua += "; "; strua += s3fs_crypt_lib_name(); strua += ")"; init = true; } ... } ``` Note that `init` is a static variable and the function `AddUserAgent` could be executed parallelly. Therefore, when two threads reach the `if(!init)` simultaneously, they are all true and then begin to construct the string `strua`. However, they could corrupt the `strua`, leading to confused information. A possible call trace could be as follows: `S3fsMultiCurl::MultiPerform` creates two or more threads that execute `S3fsMultiCurl::RequestPerformWrapper`. Then `S3fsMultiCurl::RequestPerformWrapper` calls `S3fsCurl::RequestPerform`. At the end of `S3fsCurl::RequestPerform`, it calls `S3fsCurl::AddUserAgent(hCurl)`. SourceBrella Inc., Yu

kerem closed this issue

2026-03-04 01:44:46 +03:00

kerem commented

2026-03-04 01:44:46 +03:00

Author

Owner

@ggtakec commented on GitHub (Sep 17, 2017):

@ITWOI Thanks for this.
I modified and merged new codes, you can see it(and detail in PR).
Regards,

@ggtakec commented on GitHub (Sep 17, 2017): @ITWOI Thanks for this. I modified and merged new codes, you can see it(and detail in PR). Regards,

kerem referenced this issue

2026-03-04 01:54:11 +03:00

[PR #364] [MERGED] Checked content-type by no case-sensitivity - #363 #1483