1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 05:37:35 +00:00

AK: Fix crash during teardown of self-owning objects

We now null out smart pointers *before* calling unref on the pointee.
This ensures that the same smart pointer can't be used to acquire a new
reference to the pointee after its destruction has begun.

I ran into this when destroying a non-empty IntrusiveList of RefPtrs,
but the problem was more general so this fixes it for all of RefPtr,
NonnullRefPtr, OwnPtr and NonnullOwnPtr.
This commit is contained in:
Andreas Kling 2023-04-21 13:36:32 +02:00
parent 66bd7cdb28
commit b7e847e58b
10 changed files with 102 additions and 14 deletions

View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
* Copyright (c) 2018-2023, Andreas Kling <kling@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
@ -153,3 +153,15 @@ TEST_CASE(adopt_ref_if_nonnull)
RefPtr<SelfAwareObject> failed_allocation = adopt_ref_if_nonnull(null_object);
EXPECT_EQ(failed_allocation.is_null(), true);
}
TEST_CASE(destroy_self_owning_refcounted_object)
{
struct SelfOwningRefCounted : public RefCounted<SelfOwningRefCounted> {
RefPtr<SelfOwningRefCounted> self;
};
RefPtr object = make_ref_counted<SelfOwningRefCounted>();
auto* object_ptr = object.ptr();
object->self = object;
object = nullptr;
object_ptr->self = nullptr;
}