Fix use-after-free in futexWaitUntilImpl

Summary: Handle wake-ups correctly in futexWaitUntilImpl.

Test Plan:
-- ran all folly unit tests
-- ran TimeoutWorkQueue test under tao/queues

Reviewed By: ngbronson@fb.com, meyering@fb.com

FB internal diff: D1406845

Tasks: 4494871

diff --git a/folly/test/DeterministicSchedule.cpp b/folly/test/DeterministicSchedule.cpp
index a19c977efc25126eafc51997f0f25cbc94e4f3d6..4da4844321a207a5ece52806d05964a55562f5fb 100644 (file)
--- a/folly/test/DeterministicSchedule.cpp
+++ b/folly/test/DeterministicSchedule.cpp
@@ -278,8 +278,10 @@ FutexResult futexWaitUntilImpl(Futex<DeterministicAtomic>* futex,
       futexLock.lock();
 
       // Simulate spurious wake-ups, timeouts each time with
-      // a 10% probability
-      if (DeterministicSchedule::getRandNumber(100) < 10) {
+      // a 10% probability if we haven't been woken up already
+      if (!rv && DeterministicSchedule::getRandNumber(100) < 10) {
+        assert(futexQueues.count(futex) != 0 &&
+               &futexQueues[futex] == &queue);
         queue.erase(ours);
         if (queue.empty()) {
           futexQueues.erase(futex);