Unsound: `AtomSetOnce::dup` is not panic safe

Question

Unsound: `AtomSetOnce::dup` is not panic safe

yvt opened this issue 3 years ago · 0 comments

#[test]
fn dup_panic_safety() {
    struct WeirdTy(String);

    impl Clone for WeirdTy {
        fn clone(&self) -> Self {
            panic!("")
        }
    }

    let x = AtomSetOnce::new(Box::new(WeirdTy("hoge".to_owned())));
    std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
        x.dup(Ordering::Acquire); // `v.clone()` panics, skipping `mem::forget(v)` and dropping `Box<WeirdTy>`
    }));
    // The `Box<WeirdTy>` is dropped again, causing a double-free
}