From: Yedidya Feldblum
Date: Thu, 30 Mar 2017 22:43:00 +0000 (-0700)
Subject: Fix double-delete in Singleton::make_mock
X-Git-Tag: v2017.04.03.00~4
X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=c84f534737cb335d99916b15b06149bd1c828424;hp=c84f534737cb335d99916b15b06149bd1c828424;p=folly.git

Fix double-delete in Singleton::make_mock

Summary:
[Folly] Fix double-`delete` in `Singleton::make_mock`.

In that function, we unconditionally destroy any existing singleton instance of the same singleton. Actually, we must conditionally destroy it - conditionally on one having been created and not yet destroyed. This problem only rarely appears because it is masked by `delete static_cast(nullptr)` being a no-op. For example, if we call `make_mock` before actually instantiating the singleton, we call that no-op.

The way to make it appear is to instantiate the singleton, and then to call `make_mock` twice in a row. The first call to `make_mock` unconditionally destroys the existing instance (it still should have checked) and the second call does it again, but because the existing instance is not `nullptr`, the second call is a double-delete of a non-`nullptr` instance and crashes.

In the simple case, as reproduced in an attached test, the failure is observable with ASAN. In other cases, the double-`free` is tolerated, but the failure may only be observable depending on the singleton object's state - if running the dtor twice fails.

Reviewed By: ivmaykov

Differential Revision: D4798163

fbshipit-source-id: e7b65d030d89225dfdc2fad4c778d3653460806e
---
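
A simplified model of the failure described in the commit message, added here as an example; it is not Folly's code. `TrackedHeap`, `Holder`, `destroy_unchecked` and `destroy_checked` are hypothetical names, and integer handles stand in for pointers so that the second release is counted instead of triggering undefined behaviour.

```cpp
#include <set>

// Stand-in for the heap: hands out ids and counts releases of dead ids,
// which is the event ASAN would report as a double-free.
struct TrackedHeap {
  std::set<int> live;
  int next = 1;
  int double_frees = 0;
  int alloc() { live.insert(next); return next++; }
  void release(int id) {
    if (id == 0) return;                      // like deleting nullptr: no-op
    if (live.erase(id) == 0) ++double_frees;  // id was already released
  }
};

enum class State { NotCreated, Living, Destroyed };

struct Holder {
  TrackedHeap& heap;
  int instance = 0;                           // 0 plays the role of nullptr
  State state = State::NotCreated;
  explicit Holder(TrackedHeap& h) : heap(h) {}

  void create() { instance = heap.alloc(); state = State::Living; }

  // Pre-fix shape: no state check, stale handle left in place.
  void destroy_unchecked() { heap.release(instance); state = State::Destroyed; }

  // Post-fix shape: destroy only if created and not yet destroyed.
  void destroy_checked() {
    if (state != State::Living) return;
    heap.release(instance);
    instance = 0;
    state = State::Destroyed;
  }

  void make_mock(bool checked) {
    if (checked) destroy_checked(); else destroy_unchecked();
    // registering the mock factory would happen here
  }
};

// Runs the sequence from the commit message: optional instantiation,
// then make_mock twice in a row. Returns the number of double-frees seen.
int double_frees_after(bool instantiate, bool checked) {
  TrackedHeap heap;
  Holder h(heap);
  if (instantiate) h.create();
  h.make_mock(checked);
  h.make_mock(checked);
  return heap.double_frees;
}
```
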