| commit | 3e99d8bdb0ad770cbce550a7791673318a3886fc | |
| author | Shaunak Kishore <kshaunak@fb.com> | |
| Fri, 13 Sep 2019 17:51:21 +0000 (13 10:51 -0700) | ||
| committer | Hhvm Bot <hhvm-bot@users.noreply.github.com> | |
| Fri, 13 Sep 2019 17:55:16 +0000 (13 10:55 -0700) | ||
| tree | 6a6549100106a2e1c85e33ea3960ba8bbd997a60 | treesnapshot (tar.gz zip) |
| parent | 6057412a88cedbf6dd24e3cdce856174101dc88a | commitdiff |
Early warning on double-free
Summary:
Double-frees are hard to trace down when we trash refcounts, because the second free simply decrements the trashed value. Michael had the excellent idea of leaving refcounts alone when trashing memory allocations, which led to us finding the bug in D17352274.
This diff gets us the same early warning on double-frees while still letting us trash the entire allocation. We already check the refcount against this "too high" value when we JIT AssertRefCounts in HHIRGenerateAsserts mode, but that only catches values on the frame and stack. In this week's bug we were bitten by a double-free of a value within a container.
The assertion in memory-manager.h ensures that trashed refcounts will be caught by this check.
Reviewed By: ricklavoie
Differential Revision: D17354372
fbshipit-source-id: dbd4e591ba40c474e8f3ebcd3ef9ea5ad810eb8f
Summary:
Double-frees are hard to trace down when we trash refcounts, because the second free simply decrements the trashed value. Michael had the excellent idea of leaving refcounts alone when trashing memory allocations, which led to us finding the bug in D17352274.
This diff gets us the same early warning on double-frees while still letting us trash the entire allocation. We already check the refcount against this "too high" value when we JIT AssertRefCounts in HHIRGenerateAsserts mode, but that only catches values on the frame and stack. In this week's bug we were bitten by a double-free of a value within a container.
The assertion in memory-manager.h ensures that trashed refcounts will be caught by this check.
Reviewed By: ricklavoie
Differential Revision: D17354372
fbshipit-source-id: dbd4e591ba40c474e8f3ebcd3ef9ea5ad810eb8f
| hphp/runtime/base/countable.h | diffblobblamehistory | |
| hphp/runtime/base/memory-manager.h | diffblobblamehistory |