AK: Fix crash during teardown of self-owning objects

We now null out smart pointers *before* calling unref on the pointee. This ensures that the same smart pointer can't be used to acquire a new reference to the pointee after its destruction has begun. I ran into this when destroying a non-empty IntrusiveList of RefPtrs, but the problem was more general so this fixes it for all of RefPtr, NonnullRefPtr, OwnPtr and NonnullOwnPtr.
Author: https://github.com/awesomekling Commit: b7e847e58b Pull-request: https://github.com/SerenityOS/serenity/pull/18450 Reviewed-by: https://github.com/nico ✅
2025-06-09 09:34:57 +09:00 · 2023-04-21 13:36:32 +02:00 · 2023-04-21 13:36:32 +02:00 · b7e847e58b · 2024-07-17 03:51:15 +09:00
commit b7e847e58b
parent 66bd7cdb28
10 changed files with 102 additions and 14 deletions
--- a/Tests/AK/TestOwnPtr.cpp
+++ b/Tests/AK/TestOwnPtr.cpp
@ -21,3 +21,15 @@ TEST_CASE(should_call_custom_deleter)
    ptr.clear();
    EXPECT_EQ(1u, deleter_call_count);
 }
+
+TEST_CASE(destroy_self_owning_object)
+{
+    struct SelfOwning {
+        OwnPtr<SelfOwning> self;
+    };
+    OwnPtr<SelfOwning> object = make<SelfOwning>();
+    auto* object_ptr = object.ptr();
+    object->self = move(object);
+    object = nullptr;
+    object_ptr->self = nullptr;
+}