Description
While EnsureDBInstalled() uses a mutex (ensureMux) to protect the installation process, the initial check IsDBInstalled() at line 56 happens outside the mutex lock. This creates a TOCTOU (Time-of-Check-Time-of-Use) race condition where two concurrent calls could both see the DB as not installed, then both proceed with installation (though the mutex will serialize the actual install).
Severity
MEDIUM - Race condition
Test Reference
Test: TestEnsureDBInstalled_Concurrent in pkg/db/db_local/install_test.go:167 (skipped)
Suggested Fix
Move the IsDBInstalled() check inside the mutex lock.
Related Code
pkg/db/db_local/install.go:39-54
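The check-outside-lock pattern and the suggested fix, as an added Go example that is not the project's code. `localDB`, `ensure`, `countInstalls` and the barrier are hypothetical; only `ensureMux` and the `IsDBInstalled()` check come from the issue. The barrier holds every caller between check and use so the stale-check window is hit on every run.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// localDB is a hypothetical stand-in for the installer state.
type localDB struct {
	ensureMux sync.Mutex   // serializes installation, as in the issue
	installed atomic.Bool  // what the IsDBInstalled() check reads
	installs  atomic.Int32 // how many callers ran the install step
}

func (d *localDB) isDBInstalled() bool { return d.installed.Load() }

// ensure decides from a check made before taking ensureMux (reported pattern)
// or from a check made while holding it (suggested fix). barrier releases the
// callers only after all of them have done the unlocked check.
func (d *localDB) ensure(checkInsideLock bool, barrier *sync.WaitGroup) {
	installed := d.isDBInstalled() // time of check, no lock held
	barrier.Done()
	barrier.Wait()
	d.ensureMux.Lock()
	defer d.ensureMux.Unlock()
	if checkInsideLock {
		installed = d.isDBInstalled() // fix: decide under the lock
	}
	if !installed {
		d.installed.Store(true) // time of use: the install step
		d.installs.Add(1)
	}
}

// countInstalls runs n concurrent callers and returns how many installed.
func countInstalls(checkInsideLock bool, n int) int {
	d := &localDB{}
	var barrier, done sync.WaitGroup
	barrier.Add(n)
	done.Add(n)
	for i := 0; i < n; i++ {
		go func() { defer done.Done(); d.ensure(checkInsideLock, &barrier) }()
	}
	done.Wait()
	return int(d.installs.Load())
}

func main() { fmt.Println(countInstalls(false, 8), countInstalls(true, 8)) }
```

With the check outside the lock every caller installs, one after another; with the check under the lock only the first caller does.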