fix(storage): avoid crashes after move (#7045)

coryan · web-flow · commit 4f94bc16b489 · 2021-07-22T19:36:48.000-04:00
The `storage::Object*Stream` classes should not crash when used after
moved-from. They do not guarantee what value they hold, but crashing on
functions that just query their state is unexpected. Note that we have
not defined what pre-conditions are required by each function, so we
could have decided to make it UB to call these functions. That seems too
hostile when "not crash but returns some undefined value" is less
hostile and about as easy to implement.
diff --git a/google/cloud/storage/object_read_stream.cc b/google/cloud/storage/object_read_stream.cc
@@ -20,15 +20,20 @@ namespace google {
 namespace cloud {
 namespace storage {
 inline namespace STORAGE_CLIENT_NS {
+namespace {
+std::unique_ptr<internal::ObjectReadStreambuf> MakeErrorStreambuf() {
+  return absl::make_unique<internal::ObjectReadStreambuf>(
+      internal::ReadObjectRangeRequest("", ""),
+      Status(StatusCode::kUnimplemented, "null stream"));
+}
+}  // namespace
+
 static_assert(std::is_move_assignable<ObjectReadStream>::value,
               "storage::ObjectReadStream must be move assignable.");
 static_assert(std::is_move_constructible<ObjectReadStream>::value,
               "storage::ObjectReadStream must be move constructible.");
 
-ObjectReadStream::ObjectReadStream()
-    : ObjectReadStream(absl::make_unique<internal::ObjectReadStreambuf>(
-          internal::ReadObjectRangeRequest("", ""),
-          Status(StatusCode::kUnimplemented, "null stream"))) {}
+ObjectReadStream::ObjectReadStream() : ObjectReadStream(MakeErrorStreambuf()) {}
 
 ObjectReadStream::ObjectReadStream(ObjectReadStream&& rhs) noexcept
     : std::basic_istream<char>(std::move(rhs)),
@@ -42,7 +47,8 @@ ObjectReadStream::ObjectReadStream(ObjectReadStream&& rhs) noexcept
       // that derived classes can define their own move constructor and move
       // assignment.
       buf_(std::move(rhs.buf_)) {
-  rhs.set_rdbuf(nullptr);
+  rhs.buf_ = MakeErrorStreambuf();
+  rhs.set_rdbuf(rhs.buf_.get());
   set_rdbuf(buf_.get());
 }
 
diff --git a/google/cloud/storage/object_stream_test.cc b/google/cloud/storage/object_stream_test.cc
@@ -24,68 +24,89 @@ namespace storage {
 inline namespace STORAGE_CLIENT_NS {
 namespace {
 
+using ::google::cloud::testing_util::IsOk;
 using ::google::cloud::testing_util::StatusIs;
+using ::testing::NotNull;
 
 TEST(ObjectStream, ReadMoveConstructor) {
   ObjectReadStream reader;
+  ASSERT_THAT(reader.rdbuf(), NotNull());
   reader.setstate(std::ios::badbit | std::ios::eofbit);
   EXPECT_TRUE(reader.bad());
   EXPECT_TRUE(reader.eof());
-  EXPECT_NE(nullptr, reader.rdbuf());
 
   ObjectReadStream copy(std::move(reader));
+  ASSERT_THAT(copy.rdbuf(), NotNull());
   EXPECT_TRUE(copy.bad());
   EXPECT_TRUE(copy.eof());
   EXPECT_THAT(copy.status(), StatusIs(StatusCode::kUnimplemented));
 
-  EXPECT_EQ(nullptr, reader.rdbuf());  // NOLINT(bugprone-use-after-move)
-  EXPECT_NE(nullptr, copy.rdbuf());
+  // NOLINTNEXTLINE(bugprone-use-after-move)
+  EXPECT_THAT(reader.status(), Not(IsOk()));
+  EXPECT_THAT(reader.rdbuf(), NotNull());
 }
 
 TEST(ObjectStream, ReadMoveAssignment) {
   ObjectReadStream reader;
+  ASSERT_THAT(reader.rdbuf(), NotNull());
   reader.setstate(std::ios::badbit | std::ios::eofbit);
-  EXPECT_NE(nullptr, reader.rdbuf());
 
   ObjectReadStream copy;
 
   copy = std::move(reader);
+  ASSERT_THAT(copy.rdbuf(), NotNull());
   EXPECT_TRUE(copy.bad());
   EXPECT_TRUE(copy.eof());
   EXPECT_THAT(copy.status(), StatusIs(StatusCode::kUnimplemented));
 
-  EXPECT_EQ(nullptr, reader.rdbuf());  // NOLINT(bugprone-use-after-move)
-  EXPECT_NE(nullptr, copy.rdbuf());
+  // NOLINTNEXTLINE(bugprone-use-after-move)
+  ASSERT_THAT(reader.rdbuf(), NotNull());
+  EXPECT_THAT(reader.status(), Not(IsOk()));
 }
 
 TEST(ObjectStream, WriteMoveConstructor) {
   ObjectWriteStream writer;
+  ASSERT_THAT(writer.rdbuf(), NotNull());
   EXPECT_THAT(writer.metadata(), StatusIs(StatusCode::kUnimplemented));
-  EXPECT_NE(nullptr, writer.rdbuf());
 
   ObjectWriteStream copy(std::move(writer));
+  ASSERT_THAT(copy.rdbuf(), NotNull());
   EXPECT_TRUE(copy.bad());
   EXPECT_TRUE(copy.eof());
   EXPECT_THAT(copy.metadata(), StatusIs(StatusCode::kUnimplemented));
 
-  EXPECT_EQ(nullptr, writer.rdbuf());  // NOLINT(bugprone-use-after-move)
-  EXPECT_NE(nullptr, copy.rdbuf());
+  // NOLINTNEXTLINE(bugprone-use-after-move)
+  ASSERT_THAT(writer.rdbuf(), NotNull());
+  EXPECT_THAT(writer.last_status(), Not(IsOk()));
 }
 
 TEST(ObjectStream, WriteMoveAssignment) {
   ObjectWriteStream writer;
+  ASSERT_THAT(writer.rdbuf(), NotNull());
   EXPECT_THAT(writer.metadata(), StatusIs(StatusCode::kUnimplemented));
-  EXPECT_NE(nullptr, writer.rdbuf());
 
   ObjectWriteStream copy;
 
   copy = std::move(writer);
+  ASSERT_THAT(copy.rdbuf(), NotNull());
   EXPECT_TRUE(copy.bad());
   EXPECT_TRUE(copy.eof());
   EXPECT_THAT(copy.metadata(), StatusIs(StatusCode::kUnimplemented));
 
-  EXPECT_EQ(nullptr, writer.rdbuf());  // NOLINT(bugprone-use-after-move)
-  EXPECT_NE(nullptr, copy.rdbuf());
+  // NOLINTNEXTLINE(bugprone-use-after-move)
+  ASSERT_THAT(writer.rdbuf(), NotNull());
+  EXPECT_THAT(writer.last_status(), Not(IsOk()));
+}
+
+TEST(ObjectStream, Suspend) {
+  ObjectWriteStream writer;
+  ASSERT_THAT(writer.rdbuf(), NotNull());
+  EXPECT_THAT(writer.metadata(), StatusIs(StatusCode::kUnimplemented));
+
+  std::move(writer).Suspend();
+  // NOLINTNEXTLINE(bugprone-use-after-move)
+  ASSERT_THAT(writer.rdbuf(), NotNull());
+  EXPECT_THAT(writer.last_status(), Not(IsOk()));
 }
 
 }  // namespace
diff --git a/google/cloud/storage/object_write_stream.cc b/google/cloud/storage/object_write_stream.cc
@@ -21,18 +21,23 @@ namespace google {
 namespace cloud {
 namespace storage {
 inline namespace STORAGE_CLIENT_NS {
+namespace {
+std::unique_ptr<internal::ObjectWriteStreambuf> MakeErrorStreambuf() {
+  return absl::make_unique<internal::ObjectWriteStreambuf>(
+      absl::make_unique<internal::ResumableUploadSessionError>(
+          Status(StatusCode::kUnimplemented, "null stream")),
+      /*max_buffer_size=*/0, internal::CreateNullHashFunction(),
+      internal::HashValues{}, internal::CreateNullHashValidator(),
+      AutoFinalizeConfig::kDisabled);
+}
+}  // namespace
 static_assert(std::is_move_assignable<ObjectWriteStream>::value,
               "storage::ObjectWriteStream must be move assignable.");
 static_assert(std::is_move_constructible<ObjectWriteStream>::value,
               "storage::ObjectWriteStream must be move constructible.");
 
 ObjectWriteStream::ObjectWriteStream()
-    : ObjectWriteStream(absl::make_unique<internal::ObjectWriteStreambuf>(
-          absl::make_unique<internal::ResumableUploadSessionError>(
-              Status(StatusCode::kUnimplemented, "null stream")),
-          /*max_buffer_size=*/0, internal::CreateNullHashFunction(),
-          internal::HashValues{}, internal::CreateNullHashValidator(),
-          AutoFinalizeConfig::kDisabled)) {}
+    : ObjectWriteStream(MakeErrorStreambuf()) {}
 
 ObjectWriteStream::ObjectWriteStream(
     std::unique_ptr<internal::ObjectWriteStreambuf> buf)
@@ -57,7 +62,8 @@ ObjectWriteStream::ObjectWriteStream(ObjectWriteStream&& rhs) noexcept
       metadata_(std::move(rhs.metadata_)),
       headers_(std::move(rhs.headers_)),
       payload_(std::move(rhs.payload_)) {
-  rhs.set_rdbuf(nullptr);
+  rhs.buf_ = MakeErrorStreambuf();
+  rhs.set_rdbuf(rhs.buf_.get());
   set_rdbuf(buf_.get());
   if (!buf_) {
     setstate(std::ios::badbit | std::ios::eofbit);
@@ -96,7 +102,11 @@ void ObjectWriteStream::CloseBuf() {
   }
 }
 
-void ObjectWriteStream::Suspend() && { buf_.reset(); }
+void ObjectWriteStream::Suspend() && {
+  ObjectWriteStream tmp;
+  swap(tmp);
+  tmp.buf_.reset();
+}
 
 }  // namespace STORAGE_CLIENT_NS
 }  // namespace storage
