fix make_exception_ptr_with under libc++

yfeldblum · facebook-github-bot · commit b6fa1d85e50a · 2025-05-09T14:36:22.000-07:00
Summary:
The `reinterpret_cast` to rvalue-ref triggered copy-construction under libc++, since `std::exception_ptr` has no move-constructor. This showed up as leaks reported by leak-sanitizer when using libc++. Since libstdc++ implements a separate move-constructor, it was unaffected.

Originally landed as: {D74203904}.
Reverted in: {D74256636}.

There was another problem, where, under recent libc++ versions with `__cxa_init_primary_exception`, the code-path did not set the refcount. Whereas under prior libc++ versions, the code-path did set the refcount. So the original version of the diff fixed one leak under prior libc++ while adding a leak or a use-after-free under recent libc++. It would be a leak if no further increments or decrements were done on the refcount because no copies of the `exception_ptr` are made and the `exception_ptr` is not rethrown, but a use-after-free if the `exception_ptr` is copied or rethrown.

Reviewed By: snarkmaster

Differential Revision: D74269462

fbshipit-source-id: 7cc21581be88b4cbe26ee936d96807666249188a
diff --git a/folly/lang/Exception.cpp b/folly/lang/Exception.cpp
@@ -698,6 +698,15 @@ std::exception_ptr catch_current_exception_(Try&& t) noexcept {
   return catch_exception(static_cast<Try&&>(t), current_exception);
 }
 
+template <typename Value>
+static std::exception_ptr make_exception_ptr_from_rep_(Value value) noexcept {
+  static_assert(sizeof(std::exception_ptr) == sizeof(Value));
+  static_assert(alignof(std::exception_ptr) == alignof(Value));
+  std::exception_ptr ptr;
+  std::memcpy(&ptr, &value, sizeof(value));
+  return ptr;
+}
+
 #if defined(__GLIBCXX__)
 
 std::exception_ptr make_exception_ptr_with_(
@@ -711,7 +720,7 @@ std::exception_ptr make_exception_ptr_with_(
     scope_guard_ rollback{std::bind(abi::__cxa_free_exception, object)};
     arg.ctor(object, func);
     rollback.dismiss();
-    return reinterpret_cast<std::exception_ptr&&>(object);
+    return make_exception_ptr_from_rep_(object);
   });
 }
 
@@ -735,6 +744,9 @@ std::exception_ptr make_exception_ptr_with_(
   auto type = const_cast<std::type_info*>(arg.type);
 #if _LIBCPP_VERSION >= 180000 && _LIBCPP_AVAILABILITY_HAS_INIT_PRIMARY_EXCEPTION
   (void)abi::__cxa_init_primary_exception(object, type, arg.dtor);
+  cxxabi_with_cxa_exception(object, [&](auto exception) {
+    exception->referenceCount = 1;
+  });
 #else
   cxxabi_with_cxa_exception(object, [&](auto exception) {
 #if defined(__FreeBSD__)
@@ -757,7 +769,7 @@ std::exception_ptr make_exception_ptr_with_(
     scope_guard_ rollback{std::bind(abi::__cxa_free_exception, object)};
     arg.ctor(object, func);
     rollback.dismiss();
-    return reinterpret_cast<std::exception_ptr&&>(object);
+    return make_exception_ptr_from_rep_(object);
   });
 }
 
