#766 CRITICAL: TOCTOU in orchestrator task claiming

closed critical Created 2026-01-02 00:53 · Updated 2026-01-02 01:03

Description

Edit

orchestrator.py:520-530 checks claimed_by but not state='claimed'. Between claim_task() and UPDATE (separate transactions), another worker could release claim. Fix: Add AND state='claimed' to WHERE clause

Comments

Loading comments...

Context

Loading context...

Audit History

View All

Loading audit history...

#766 CRITICAL: TOCTOU in orchestrator task claiming

Description

Similar Issues

Comments

Context

Audit History