
Vertex.DeleteInEdges and Vertex.DeleteOutEdges functions are not thread safe

Low
gaius-qi published GHSA-p229-jccg-xvmj Sep 17, 2025

Package

gomod github.com/dragonflyoss/dragonfly (Go)

Affected versions

<2.1.0

Patched versions

2.1.0

Description

Impact

The Vertex.DeleteInEdges and Vertex.DeleteOutEdges functions are not thread safe, and may cause inconsistent states if they are called at the same time as other functions.

// DeleteInEdges deletes inedges of vertex.
func (v *Vertex[T]) DeleteInEdges() {
    for _, parent := range v.Parents.Values() {
        parent.Children.Delete(v)
    }
    v.Parents = set.NewSafeSet[*Vertex[T]]()
}

The for loop iterates through the vertex’s parents, deleting the corresponding entry in their Children sets. After the for loop, the vertex’s Parents set is assigned to be the empty set. However, if a parent is added to the vertex (on another thread) in between these two operations, the state will be inconsistent. The parent will have the vertex in its Children set, but the vertex will not have the parent in its Parents set.
The same problem occurs in the Vertex.DeleteOutEdges method, since its code is essentially the same, but with Parents swapped with Children in all occurrences.
It is undetermined what exploitable problems this bug can cause.
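The interleaving described above can be replayed deterministically. The following is an added example, not Dragonfly's code and not the project's patch: the vertex type, the between hook and the single mutex used in the locked variant are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// vertex is a constructed stand-in for Vertex[T]; plain maps replace its thread-safe sets.
type vertex struct{ parents, children map[*vertex]bool }

func newVertex() *vertex    { return &vertex{map[*vertex]bool{}, map[*vertex]bool{}} }
func addEdge(p, c *vertex) { p.children[c], c.parents[p] = true, true }

// mirrored reports whether edge p->c is recorded on both vertices or on neither.
func mirrored(p, c *vertex) bool { return p.children[c] == c.parents[p] }

// deleteInEdges follows the advisory's function; between is a hypothetical hook
// standing in for whatever another goroutine does inside the unguarded window.
func deleteInEdges(v *vertex, between func()) {
	for p := range v.parents {
		delete(p.children, v)
	}
	between()
	v.parents = map[*vertex]bool{}
}

// replay adds parent b to v while v's in-edges are being deleted. With locked
// set, one mutex (an assumed fix, not the project's patch) spans each operation.
func replay(locked bool) bool {
	a, b, v := newVertex(), newVertex(), newVertex()
	addEdge(a, v)
	var mu sync.Mutex
	done := make(chan struct{})
	add := func() { mu.Lock(); addEdge(b, v); mu.Unlock(); close(done) }
	if !locked {
		deleteInEdges(v, add) // add lands between the loop and the reset
	} else {
		mu.Lock()
		deleteInEdges(v, func() { go add() }) // add blocks until Unlock below
		mu.Unlock()
	}
	<-done
	return mirrored(a, v) && mirrored(b, v)
}

func main() {
	fmt.Println("unlocked consistent:", replay(false), "locked consistent:", replay(true))
}
```

In the unlocked replay, b keeps v in its children while v's parents set is empty, which is the one-sided edge the advisory describes.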

Patches

  • Dragonfly v2.1.0 and above.

Workarounds

There are no effective workarounds, beyond upgrading.

References

A third-party security audit was performed by Trail of Bits; you can see the full report.

If you have any questions or comments about this advisory, please email us at dragonfly-maintainers@googlegroups.com.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs
