Poison freed objects such that double-free is detected
Previously we were setting refcount of freed objects to the inert value, which was harmful because it caused further destroy()s of the freed object to NOT call free() and hence hide the bug. Indeed, after eb0bf3ae test-object was double-freeing objects and this was never caught on Linux. It only was caught as crashing on Mac. Now we poison refcount upon freeing and check that it's valid whenever reading it. Makes test-object fail now.
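The technique the commit describes, as an added example that is not the project's own code: freed objects get a poison refcount instead of an inert one, and every read of the refcount validates it first, so a second destroy() is reported rather than silently skipped. To keep the check observable without reading memory that free() has already returned to the allocator, the example hands objects out from a small static slab (a hypothetical stand-in for the project's allocator); `REFCOUNT_POISON`, `object_new`, `object_ref`, `object_destroy` and the slab layout are all assumptions for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: objects with an intrusive refcount, handed out from a
 * static slab. A freed slot keeps a poison refcount instead of an inert value,
 * so a later destroy() on the same object is detected instead of ignored.
 * Names and the poison value are hypothetical, not the project's own. */

#define REFCOUNT_POISON 0xDEADBEEFu   /* never a valid live refcount */
#define SLAB_SIZE 4

struct object {
    uint32_t refcount;
    int      in_use;      /* slab bookkeeping, kept separate from refcount */
    char     name[16];
};

static struct object slab[SLAB_SIZE];

/* Validate the refcount before trusting it. Returns 0 when the object looks
 * already freed (poisoned) or otherwise corrupt, 1 when it looks live. */
static int object_refcount_valid(const struct object *obj)
{
    if (obj->refcount == REFCOUNT_POISON)
        return 0;            /* already destroyed: this is a double free */
    if (obj->refcount == 0)
        return 0;            /* a live object always holds at least one ref */
    return 1;
}

/* Allocate an object from the first unused slab slot; NULL when exhausted. */
struct object *object_new(const char *name)
{
    for (int i = 0; i < SLAB_SIZE; i++) {
        if (!slab[i].in_use) {
            slab[i].in_use = 1;
            slab[i].refcount = 1;
            snprintf(slab[i].name, sizeof slab[i].name, "%s", name);
            return &slab[i];
        }
    }
    return NULL;
}

/* Take a reference. Returns -1 if the refcount fails validation. */
int object_ref(struct object *obj)
{
    if (!object_refcount_valid(obj))
        return -1;
    obj->refcount++;
    return 0;
}

/* Drop a reference. Returns 1 when the object was released, 0 when references
 * remain, and -1 when the refcount was already poisoned (double destroy). */
int object_destroy(struct object *obj)
{
    if (!object_refcount_valid(obj)) {
        fprintf(stderr, "object_destroy: poisoned refcount, double free of %p\n",
                (void *)obj);
        return -1;
    }
    if (--obj->refcount > 0)
        return 0;
    obj->refcount = REFCOUNT_POISON;   /* poison instead of an inert value */
    obj->in_use = 0;                   /* slot goes back to the slab; a later
                                        * object_new() reusing it resets the
                                        * refcount, which is the same window a
                                        * real allocator leaves open */
    return 1;
}

int main(void)
{
    struct object *o = object_new("demo");
    object_ref(o);                       /* refcount 2 */
    printf("first destroy:  %d\n", object_destroy(o));   /* 0, one ref left */
    printf("second destroy: %d\n", object_destroy(o));   /* 1, released */
    printf("third destroy:  %d\n", object_destroy(o));   /* -1, detected */
    return 0;
}
```

The check runs on every read of the refcount, not just in destroy(), so a stale ref() on a freed object is caught the same way; the test-object failure the commit mentions is exactly the -1 path above surfacing where an inert refcount used to hide it.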