base/memory/scoped_ptr.h - Issue 1356483002: Call reset(nullptr) in scoped_ptr's.

Side by Side Diff: base/memory/scoped_ptr.h

Issue 1356483002: Call reset(nullptr) in scoped_ptr's. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Set null before detete, and add test. Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Scopers help you manage ownership of a pointer, helping you easily manage a	5 // Scopers help you manage ownership of a pointer, helping you easily manage a

6 // pointer within a scope, and automatically destroying the pointer at the end	6 // pointer within a scope, and automatically destroying the pointer at the end

7 // of a scope. There are two main classes you will use, which correspond to the	7 // of a scope. There are two main classes you will use, which correspond to the

8 // operators new/delete and new[]/delete[].	8 // operators new/delete and new[]/delete[].

9 //	9 //

10 // Example usage (scoped_ptr<T>):	10 // Example usage (scoped_ptr<T>):

(...skipping 199 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
210 template <typename U, typename V>	210 template <typename U, typename V>

211 void TakeState(scoped_ptr_impl<U, V>* other) {	211 void TakeState(scoped_ptr_impl<U, V>* other) {

212 // See comment in templated constructor above regarding lack of support	212 // See comment in templated constructor above regarding lack of support

213 // for move-only deleters.	213 // for move-only deleters.

214 reset(other->release());	214 reset(other->release());

215 get_deleter() = other->get_deleter();	215 get_deleter() = other->get_deleter();

216 }	216 }

217	217

218 ~scoped_ptr_impl() {	218 ~scoped_ptr_impl() {

219 if (data_.ptr != nullptr) {	219 if (data_.ptr != nullptr) {

	220 // Even though \|this\| should no longer be accessed after destruction,

	221 // there may be use-after-free bugs. Setting \|data_.ptr\| to null should

	222 // cause many attempts to dereference \|this\| to segfault closer to the

	223 // source of the use-after-free. Of course, this may not catch issues if

	224 // the memory is immediately re-allocated and altered.

	225 // Set the value to nullptr before running the deleter in case the deleter

	226 // references \|this\|. Unlike libc++, we can't call reset() because reset()

	227 // references \|this\| after running the deleter.
	Peter Kasting 2015/09/23 01:14:39 It looks like reset() was changed to an intermedia It looks like reset() was changed to an intermediate state that should flush out any bugs where code relied on the old ordering about 2.5 years ago. So it ought to be safe to go ahead and change reset()'s ordering to match libc++ now, close bug 176091, and then have this use reset() like libc++ does. Anand Mistry (off Chromium) 2015/09/23 01:44:52 Despite being small, I think that's a significant Show quoted text On 2015/09/23 01:14:39, Peter Kasting wrote: > It looks like reset() was changed to an intermediate state that should flush out > any bugs where code relied on the old ordering about 2.5 years ago. So it ought > to be safe to go ahead and change reset()'s ordering to match libc++ now, close > bug 176091, and then have this use reset() like libc++ does. Despite being small, I think that's a significant enough change to deserve it's own CL. Peter Kasting 2015/09/23 01:52:58 That's fine; why not do that first and then make a Show quoted text On 2015/09/23 01:44:52, Anand Mistry wrote: > On 2015/09/23 01:14:39, Peter Kasting wrote: > > It looks like reset() was changed to an intermediate state that should flush > out > > any bugs where code relied on the old ordering about 2.5 years ago. So it > ought > > to be safe to go ahead and change reset()'s ordering to match libc++ now, > close > > bug 176091, and then have this use reset() like libc++ does. > > Despite being small, I think that's a significant enough change to deserve it's > own CL. That's fine; why not do that first and then make a change to this function so you can move directly to that implementation? Anand Mistry (off Chromium) 2015/09/23 04:48:04 Done. Show quoted text On 2015/09/23 01:52:58, Peter Kasting wrote: > On 2015/09/23 01:44:52, Anand Mistry wrote: > > On 2015/09/23 01:14:39, Peter Kasting wrote: > > > It looks like reset() was changed to an intermediate state that should flush > > out > > > any bugs where code relied on the old ordering about 2.5 years ago. So it > > ought > > > to be safe to go ahead and change reset()'s ordering to match libc++ now, > > close > > > bug 176091, and then have this use reset() like libc++ does. > > > > Despite being small, I think that's a significant enough change to deserve > it's > > own CL. > > That's fine; why not do that first and then make a change to this function so > you can move directly to that implementation? Done.
	228 T* old = data_.ptr;

	229 data_.ptr = nullptr;

220 // Not using get_deleter() saves one function call in non-optimized	230 // Not using get_deleter() saves one function call in non-optimized

221 // builds.	231 // builds.

222 static_cast<D&>(data_)(data_.ptr);	232 static_cast<D&>(data_)(old);

223 }	233 }

224 }	234 }

225	235

226 void reset(T* p) {	236 void reset(T* p) {

227 // This is a self-reset, which is no longer allowed for default deleters:	237 // This is a self-reset, which is no longer allowed for default deleters:

228 // https://crbug.com/162971	238 // https://crbug.com/162971

229 assert(!ShouldAbortOnSelfReset<D>::value \|\| p == nullptr \|\| p != data_.ptr);	239 assert(!ShouldAbortOnSelfReset<D>::value \|\| p == nullptr \|\| p != data_.ptr);

230	240

231 // Note that running data_.ptr = p can lead to undefined behavior if	241 // Note that running data_.ptr = p can lead to undefined behavior if

232 // get_deleter()(get()) deletes this. In order to prevent this, reset()	242 // get_deleter()(get()) deletes this. In order to prevent this, reset()

(...skipping 350 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
583 scoped_ptr<T> make_scoped_ptr(T* ptr) {	593 scoped_ptr<T> make_scoped_ptr(T* ptr) {

584 return scoped_ptr<T>(ptr);	594 return scoped_ptr<T>(ptr);

585 }	595 }

586	596

587 template <typename T>	597 template <typename T>

588 std::ostream& operator<<(std::ostream& out, const scoped_ptr<T>& p) {	598 std::ostream& operator<<(std::ostream& out, const scoped_ptr<T>& p) {

589 return out << p.get();	599 return out << p.get();

590 }	600 }

591	601

592 #endif // BASE_MEMORY_SCOPED_PTR_H_	602 #endif // BASE_MEMORY_SCOPED_PTR_H_

OLD	NEW

« no previous file with comments | « no previous file | base/memory/scoped_ptr_unittest.cc » ('j') | no next file with comments »