From b68452582ffa61421534d7f61f4d5f06e077ed39 Mon Sep 17 00:00:00 2001
From: Michael Lee <mzlee@fb.com>
Date: Tue, 26 Sep 2017 08:35:09 -0700
Subject: [PATCH] Delete conversion from Objective-C block to folly::Function

Summary: Objective-C blocks are stack allocated, and unless there is a proper assignment it isn't retained and the memory is freed. Because folly::Function used to move, it would hold a reference, but after switch to a constructor by-value, it no longer does this and we see a use-after-free.

Reviewed By: yfeldblum, ericniebler

Differential Revision: D5888606

fbshipit-source-id: fe4cabb2f2ae289cce0e7429e0af3935ba314720
---
 folly/Function.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/folly/Function.h b/folly/Function.h
index 55d7024c..a73a8b7a 100644
--- a/folly/Function.h
+++ b/folly/Function.h
@@ -491,6 +491,12 @@ class Function final : private detail::function::FunctionTraits<FunctionType> {
   // not copyable
   Function(const Function&) = delete;
 
+#if __OBJC__
+  // Delete conversion from Objective-C blocks
+  template <class ReturnType, class... Args>
+  Function(ReturnType (^)(Args...)) = delete;
+#endif
+
   /**
    * Move constructor
    */
@@ -570,6 +576,12 @@ class Function final : private detail::function::FunctionTraits<FunctionType> {
 
   Function& operator=(const Function&) = delete;
 
+#if __OBJC__
+  // Delete conversion from Objective-C blocks
+  template <class ReturnType, class... Args>
+  Function& operator=(ReturnType (^)(Args...)) = delete;
+#endif
+
   /**
    * Move assignment operator
    *
-- 
2.34.1