Bug in multi-buffer writes in 6.7
A bug has been discovered in Release 6.7 in the code that deals with TCP socket writes that involve more than a single buffer. These ‘multi-buffer writes’ are writes that involve either a buffer chain or a block of data passed as a pointer and a length where the length exceeds the size of the buffer allocator that the connection is using.
The bug prevents the ‘multi-buffer write’ from being executed as a single atomic write at the network layer and so can cause corruption of a TCP data stream if multiple sockets are writing to the same connection concurrently.
The bug is due to the removal in 6.7 of the code required to support Windows XP. In Windows XP we needed to include sequence numbers in write operations to allow for the way we always marshalled all I/O operations from the calling thread to an I/O thread to prevent I/O cancellation due to thread termination. This write sequencing code had the side effect of also protecting ‘multi-buffer writes’ from being interrupted by other writes.
The fix does not require the reintroduction of write sequencing but, instead, issues a single scatter/gather style write for the entire buffer chain. This is both efficient and correct.
A related bug also affects atomicity of ‘multi-buffer writes’ into filter layers, such as the SSL code. Similar fixes have been applied here.
The bug is fixed in Release 6.8, which will be released later today.
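The failure mode and the fix described above can be seen in a small deterministic model. This is an added example, not code from the framework: `Wire`, `makeChain`, `sendPerBuffer`, `sendGathered` and `parseFrames` are hypothetical names, and the length-prefixed framing and 4-byte buffers used with it are assumptions chosen to make the corruption visible.

```cpp
#include <cstddef>
#include <string>
#include <vector>

using Chain = std::vector<std::string>;  // one logical write split across buffers

// Model of the connection's outbound stream: bytes leave in write-call order.
struct Wire {
    std::string bytes;
    void write(const std::string& buf) { bytes += buf; }  // one buffer per operation
    void writeGather(const Chain& c) { for (const auto& b : c) bytes += b; }  // whole chain
};

// Frame a payload (1-byte length prefix, so < 256 bytes) and split it into
// buffers of at most bufSize bytes, as an allocator with small buffers would.
Chain makeChain(const std::string& payload, std::size_t bufSize) {
    const std::string framed = std::string(1, static_cast<char>(payload.size())) + payload;
    Chain chain;
    for (std::size_t i = 0; i < framed.size(); i += bufSize)
        chain.push_back(framed.substr(i, bufSize));
    return chain;
}

// Non-atomic path: every buffer is its own write, so concurrent writers can
// interleave between buffers. Round-robin stands in for an unlucky schedule.
std::string sendPerBuffer(const std::vector<Chain>& writers) {
    Wire wire;
    bool more = true;
    for (std::size_t i = 0; more; ++i) {
        more = false;
        for (const auto& c : writers)
            if (i < c.size()) { wire.write(c[i]); more = true; }
    }
    return wire.bytes;
}

// Fixed path: each chain is handed over as a single gather write.
std::string sendGathered(const std::vector<Chain>& writers) {
    Wire wire;
    for (const auto& c : writers) wire.writeGather(c);
    return wire.bytes;
}

// Receiver side: split the stream back into length-prefixed frames.
std::vector<std::string> parseFrames(const std::string& s) {
    std::vector<std::string> out;
    for (std::size_t i = 0; i < s.size(); i += 1 + static_cast<unsigned char>(s[i]))
        out.push_back(s.substr(i + 1, static_cast<unsigned char>(s[i])));
    return out;
}
```

With two writers sending ten-byte payloads through 4-byte buffers, the gathered path parses back to the original two messages, while the per-buffer path carries the same bytes in an order that leaves the receiver's framing desynchronised.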