Crash in callback group pointer vector iterator #813
Description
Bug report
Required Info:
- Operating System:
- Ubuntu 16.04
- Installation type:
- From Source (Crystal P4) But Master branch has the same issue (from code inspection)
- Version or commit hash:
- HEAD of Master for RCLCPP
- DDS implementation:
- N/A
- Client library (if applicable):
- rclcpp
Steps to reproduce issue
There is 2 separate issues here:
- A sever crash can occur in the RCLCPP code when a thread is iterating over a callback_group while another thread is creating a new subscription (or timer, service, etc). The iterator over the actual callback group pointer vector is done unprotected by a lock causing a potential concurrent access leading to a crash.
- A memory leak is also present in the callback group pointer vector storing weak reference to subscriptions. If the subscription gets destroyed, the weak reference becomes invalid, however, that weak reference object is never removed from the callback group pointer vector. This overtime leads to memory leaks when subscriptions are added / removed dynamically.
Reproduction step is by using the multithreaded executor as well as separate regular posix threads to create new topic subscriptions. The actual code change is self explanatory.