From: Sarang Masti
Date: Thu, 26 Jun 2014 22:37:13 +0000 (-0700)
Subject: Fix use-after-free in futexWaitUntilImpl
X-Git-Tag: v0.22.0~492
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8ee3ba54b58058f6598124bccd27edc1fe4a91c9;p=folly.git
Fix use-after-free in futexWaitUntilImpl
Summary: Handle wake-ups correctly in futexWaitUntilImpl.
Test Plan: -- ran all folly unit tests -- ran TimeoutWorkQueue test under tao/queues
Reviewed By: ngbronson@fb.com, meyering@fb.com
FB internal diff: D1406845
Tasks: 4494871
---
diff --git a/folly/test/DeterministicSchedule.cpp b/folly/test/DeterministicSchedule.cpp
index a19c977e..4da48443 100644
--- a/folly/test/DeterministicSchedule.cpp
+++ b/folly/test/DeterministicSchedule.cpp
@@ -278,8 +278,10 @@ FutexResult futexWaitUntilImpl(Futex* futex,
 futexLock.lock();
 // Simulate spurious wake-ups, timeouts each time with
- // a 10% probability
- if (DeterministicSchedule::getRandNumber(100) < 10) {
+ // a 10% probability if we haven't been woken up already
+ if (!rv && DeterministicSchedule::getRandNumber(100) < 10) {
+ assert(futexQueues.count(futex) != 0 &&
+ &futexQueues[futex] == &queue);
 queue.erase(ours);
 if (queue.empty()) {
 futexQueues.erase(futex);
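Review bot: The comment on the new `!rv` guard says only "if we haven't been woken up already" and does not record why `queue` and `ours` must not be touched after a wake-up, which is the whole point of the fix. Presumably the waker unlinks this waiter's node, and may erase the `futexQueues` entry, before setting `rv`; that code and the declaration of `rv` are outside the hunk, so confirm it. I would add a line such as `// once rv is set the waker has already unlinked us; queue and ours may dangle` above the `if`. The added `assert` is also compiled out under `NDEBUG`, so in such a build `queue.erase(ours)` runs with the queue-identity invariant unchecked. As this is test infrastructure, an always-on check that aborts with a message would make a regression fail loudly instead of corrupting the list.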