Closed CosmicHorrorDev closed 1 year ago
Good catch! I had abort first, then made the crate no_std, didn't see a way to abort and just gave up and panicked instead. Is there a particular reason why you take the roundtrip through drop instead of just decreasing the ref-count before panicking?
I kinda figured it was something along those lines
> Is there a particular reason why you take the roundtrip through drop instead of just decreasing the ref-count before panicking?
Not really a major one :sweat_smile:
I mostly just wanted to avoid spreading out where different atomics are used to make it easier to keep things in sync. If you want I can switch to just directly decreasing the ref count
Makes sense. Thanks for the fix!
The last PR in today's barrage is an extra spooky one :ghost::ghost::ghost:
I believe this should be enough to fix exception safety from overflowing the ref count. This prevents a possible use-after-free that can occur in incredibly degenerate programs. For example
Considering this involves overflowing a `usize` it takes a considerable amount of time (I tried optimizing things, but even using `cross` to run on a 32-bit platform gets really slow when we start catching panics)

If you wind up adding an `std` feature you could change `ref_count_overflow()` to abort when the feature is enabled which matches the standard library's handling
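As an added illustration of the overflow guard this PR discusses (example code written for this page, not the crate's own; `RefCount`, `MAX_REFS` and `ref_count_overflow` are hypothetical names, and the limit is lowered to 8 so the overflow path can be exercised without counting to `usize::MAX`):

```rust
use std::panic;
use std::sync::atomic::{AtomicUsize, Ordering};

/// Hypothetical ref-count cell modelled on the fix discussed above.
pub struct RefCount {
    count: AtomicUsize,
}

/// Stand-in for the real limit; tiny so the overflow branch runs instantly.
pub const MAX_REFS: usize = 8;

impl RefCount {
    pub const fn new() -> Self {
        RefCount { count: AtomicUsize::new(1) }
    }

    pub fn get(&self) -> usize {
        self.count.load(Ordering::SeqCst)
    }

    /// Take a new reference. If that would exceed MAX_REFS, undo the
    /// increment *before* panicking, so a caller that catches the panic
    /// (catch_unwind) never observes a count that is one too high. A count
    /// that stays too high is what could later let an owner free the
    /// allocation while another reference is still live.
    pub fn inc(&self) {
        let old = self.count.fetch_add(1, Ordering::Relaxed);
        if old >= MAX_REFS {
            // The "decrease the ref count before panicking" approach.
            self.count.fetch_sub(1, Ordering::Relaxed);
            ref_count_overflow();
        }
    }

    /// Release a reference; returns true when this was the last one.
    pub fn dec(&self) -> bool {
        self.count.fetch_sub(1, Ordering::Release) == 1
    }
}

/// On no_std there is no process::abort, so panic is the fallback; with an
/// `std` feature this could call std::process::abort() like Arc does.
#[cold]
fn ref_count_overflow() -> ! {
    panic!("reference count overflow");
}

/// Push the counter to its limit, trigger the overflow inside catch_unwind,
/// and return the count seen afterwards (expected: MAX_REFS, not MAX_REFS + 1).
pub fn overflow_then_observe() -> usize {
    let rc = RefCount::new();
    for _ in 1..MAX_REFS {
        rc.inc();
    }
    let result = panic::catch_unwind(|| rc.inc());
    assert!(result.is_err(), "overflow must panic");
    rc.get()
}
```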