[libc++] Guard call_once against operator hijacking. (#128054)

mordante · web-flow · commit b271b4415880 · 2025-03-18T18:06:24.000+01:00
diff --git a/libcxx/include/__mutex/once_flag.h b/libcxx/include/__mutex/once_flag.h
@@ -11,6 +11,7 @@
 
 #include <__config>
 #include <__functional/invoke.h>
+#include <__memory/addressof.h>
 #include <__memory/shared_count.h> // __libcpp_acquire_load
 #include <__tuple/tuple_indices.h>
 #include <__tuple/tuple_size.h>
@@ -128,7 +129,7 @@ inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, _Callable&& __fun
     typedef tuple<_Callable&&, _Args&&...> _Gp;
     _Gp __f(std::forward<_Callable>(__func), std::forward<_Args>(__args)...);
     __call_once_param<_Gp> __p(__f);
-    std::__call_once(__flag.__state_, &__p, &__call_once_proxy<_Gp>);
+    std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<_Gp>));
   }
 }
 
@@ -138,15 +139,15 @@ template <class _Callable>
 inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, _Callable& __func) {
   if (__libcpp_acquire_load(&__flag.__state_) != once_flag::_Complete) {
     __call_once_param<_Callable> __p(__func);
-    std::__call_once(__flag.__state_, &__p, &__call_once_proxy<_Callable>);
+    std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<_Callable>));
   }
 }
 
 template <class _Callable>
 inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, const _Callable& __func) {
   if (__libcpp_acquire_load(&__flag.__state_) != once_flag::_Complete) {
     __call_once_param<const _Callable> __p(__func);
-    std::__call_once(__flag.__state_, &__p, &__call_once_proxy<const _Callable>);
+    std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<const _Callable>));
   }
 }
 
diff --git a/libcxx/test/std/thread/thread.mutex/thread.once/thread.once.callonce/call_once.pass.cpp b/libcxx/test/std/thread/thread.mutex/thread.once/thread.once.callonce/call_once.pass.cpp
@@ -8,6 +8,8 @@
 
 // UNSUPPORTED: no-threads
 
+// XFAIL: FROZEN-CXX03-HEADERS-FIXME
+
 // <mutex>
 
 // struct once_flag;
@@ -21,6 +23,7 @@
 
 #include "make_test_thread.h"
 #include "test_macros.h"
+#include "operator_hijacker.h"
 
 typedef std::chrono::milliseconds ms;
 
@@ -253,7 +256,19 @@ int main(int, char**)
         std::call_once(f2, std::move(rq));
         assert(rq.rv_called == 1);
     }
+    {
+      std::once_flag flag;
+      auto f = [](const operator_hijacker&) {};
+      std::call_once(flag, f, operator_hijacker{});
+    }
+
 #endif // TEST_STD_VER >= 11
 
-  return 0;
+    {
+      std::once_flag flag;
+      operator_hijacker f;
+      std::call_once(flag, f);
+    }
+
+    return 0;
 }
diff --git a/libcxx/test/support/operator_hijacker.h b/libcxx/test/support/operator_hijacker.h
@@ -23,6 +23,7 @@
 struct operator_hijacker {
   TEST_CONSTEXPR bool operator<(const operator_hijacker&) const { return true; }
   TEST_CONSTEXPR bool operator==(const operator_hijacker&) const { return true; }
+  TEST_CONSTEXPR int operator()() const { return 42; }
 
   template <typename T>
   friend void operator&(T&&) = delete;

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`
`12`	`12`	`#include <__config>`
`13`	`13`	`#include <__functional/invoke.h>`
	`14`	`+#include <__memory/addressof.h>`
`14`	`15`	`#include <__memory/shared_count.h> // __libcpp_acquire_load`
`15`	`16`	`#include <__tuple/tuple_indices.h>`
`16`	`17`	`#include <__tuple/tuple_size.h>`
`@@ -128,7 +129,7 @@ inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, _Callable&& __fun`
`128`	`129`	`typedef tuple<_Callable&&, _Args&&...> _Gp;`
`129`	`130`	`_Gp __f(std::forward<_Callable>(__func), std::forward<_Args>(__args)...);`
`130`	`131`	`__call_once_param<_Gp> __p(__f);`
`131`		`- std::__call_once(__flag.__state_, &__p, &__call_once_proxy<_Gp>);`
	`132`	`+ std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<_Gp>));`
`132`	`133`	`}`
`133`	`134`	`}`
`134`	`135`
`@@ -138,15 +139,15 @@ template <class _Callable>`
`138`	`139`	`inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, _Callable& __func) {`
`139`	`140`	`if (__libcpp_acquire_load(&__flag.__state_) != once_flag::_Complete) {`
`140`	`141`	`__call_once_param<_Callable> __p(__func);`
`141`		`- std::__call_once(__flag.__state_, &__p, &__call_once_proxy<_Callable>);`
	`142`	`+ std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<_Callable>));`
`142`	`143`	`}`
`143`	`144`	`}`
`144`	`145`
`145`	`146`	`template <class _Callable>`
`146`	`147`	`inline _LIBCPP_HIDE_FROM_ABI void call_once(once_flag& __flag, const _Callable& __func) {`
`147`	`148`	`if (__libcpp_acquire_load(&__flag.__state_) != once_flag::_Complete) {`
`148`	`149`	`__call_once_param<const _Callable> __p(__func);`
`149`		`- std::__call_once(__flag.__state_, &__p, &__call_once_proxy<const _Callable>);`
	`150`	`+ std::__call_once(__flag.__state_, std::addressof(__p), std::addressof(__call_once_proxy<const _Callable>));`
`150`	`151`	`}`
`151`	`152`	`}`
`152`	`153`