From 8ee3ba54b58058f6598124bccd27edc1fe4a91c9 Mon Sep 17 00:00:00 2001
From: Sarang Masti
Date: Thu, 26 Jun 2014 15:37:13 -0700
Subject: [PATCH] Fix use-after-free in futexWaitUntilImpl
Summary: Handle wake-ups correctly in futexWaitUntilImpl.
Test Plan:
-- ran all folly unit tests
-- ran TimeoutWorkQueue test under tao/queues
Reviewed By: ngbronson@fb.com, meyering@fb.com
FB internal diff: D1406845
Tasks: 4494871
---
 folly/test/DeterministicSchedule.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/folly/test/DeterministicSchedule.cpp b/folly/test/DeterministicSchedule.cpp
index a19c977e..4da48443 100644
--- a/folly/test/DeterministicSchedule.cpp
+++ b/folly/test/DeterministicSchedule.cpp
@@ -278,8 +278,10 @@ FutexResult futexWaitUntilImpl(Futex* futex,
 futexLock.lock();
 // Simulate spurious wake-ups, timeouts each time with
- // a 10% probability
- if (DeterministicSchedule::getRandNumber(100) < 10) {
+ // a 10% probability if we haven't been woken up already
+ if (!rv && DeterministicSchedule::getRandNumber(100) < 10) {
+ assert(futexQueues.count(futex) != 0 &&
+ &futexQueues[futex] == &queue);
 queue.erase(ours);
 if (queue.empty()) {
 futexQueues.erase(futex);
-- 
2.34.1
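Review bot: The added assert reaches into the map with `futexQueues[futex]`, an operator that default-inserts on a missing key; it is only safe here because the `count(futex) != 0` test short-circuits first, and the invariant it states (that `queue` still aliases the live map entry for `futex`) is the whole point of the fix, so it deserves a form that cannot insert: `auto it = futexQueues.find(futex);` followed by `assert(it != futexQueues.end() && &it->second == &queue);`. Note that this check vanishes under NDEBUG, so the correctness of the erase path rests entirely on the new `!rv` guard; the hunk does not show where `rv` is set, and the comment's "if we haven't been woken up already" implies a waker flips it under `futexLock` before removing the queue entry — worth stating in a comment at the declaration of `rv`, which, like the rest of futexWaitUntilImpl, lies outside this hunk. A short comment above the guard such as `// A waker may have already erased our queue entry (and possibly the map entry); only simulate a timeout while we are still queued.` would record why the wake-up check must precede the erase.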