From d5139c2cc41f7cda73e28ab8f2d8c7d795623cf2 Mon Sep 17 00:00:00 2001
From: Danny Robson
Date: Fri, 9 Apr 2021 13:28:49 +1000
Subject: [PATCH] init: workaround a double free in cookie allocation

---
 init.cpp | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/init.cpp b/init.cpp
index b5729ec5..cb05a9e5 100644
--- a/init.cpp
+++ b/init.cpp
@@ -31,28 +31,25 @@ namespace {
         cruft::parse::enumeration::cookie log;
     };
 
-    std::unique_ptr s_state;
-    std::atomic s_count;
+    static std::unique_ptr s_state;
 }
 
 
 //-----------------------------------------------------------------------------
-// Increase the reference count and initialising the requisite functionality if
-// this is the first instance of the class.
+// NOTE: We were using reference counting to cleanup s_state at cookie
+// destruction time, but for some reason this results in a double-free under
+// gcc-usan. It's easier to just allow it to live past the useful period and
+// perform cleanup atexit.
 static void
 up (void)
 {
-    if (int old = s_count++; !old)
+    if (!s_state)
         s_state = std::make_unique ();
 }
 
 
 //-----------------------------------------------------------------------------
-// Decrease the reference count and release any resources if this was the last
-// instance of the class.
 static void
 down (void)
 {
-    if (int old = --s_count; !old)
-        s_state.reset ();
 }
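Review bot: The lazy initialisation left in `up()` (`if (!s_state) s_state = std::make_unique ...`) is an unsynchronised check-then-act now that the `std::atomic` counter has been removed, so if cookies are ever constructed from two threads at once both could allocate and the second assignment would destroy a state object the other thread may already be using; either guard it (`static std::once_flag s_init;` and `std::call_once (s_init, [] { s_state = std::make_unique ...; });`) or state in the NOTE that `up()` is only safe to call single-threaded. The double free that motivated the change is being hidden rather than diagnosed: if `down()` was reaching zero more often than `up()` incremented (for example a copied or moved cookie running `down()` twice), that imbalance is still present and the now-empty `down()` silently absorbs it, so keeping a counter with an `assert` on its balance in debug builds would preserve the evidence. Minor style point: `static` on `s_state` is redundant inside the anonymous namespace, which already gives it internal linkage. The anonymous namespace and the struct holding the `log` member begin before the hunk.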