From 16e225f70d12ee90d48e058425b951b44b956186 Mon Sep 17 00:00:00 2001
From: Islam AbdelRahman <tec@fb.com>
Date: Mon, 25 Jul 2016 15:31:41 -0700
Subject: [PATCH] Fix MergeContext::copied_operands_ strings moving

Summary:
MergeContext::copied_operands contain strings that MergeContext::operand_list_ Slices point to
It's possible that when MergeContext::copied_operands grow, these strings are moved and there place in memory is changed, this will cause MergeContext::operand_list_ to point to invalid memory.
fix this problem by using unique_ptr<string> instead of string

Test Plan: run tests under mac/clang

Reviewers: sdong, yiwu

Reviewed By: yiwu

Subscribers: andrewkr, dhruba

Differential Revision: https://reviews.facebook.net/D61023
---
 db/merge_context.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/db/merge_context.h b/db/merge_context.h
index de1a86810..bf8bff0b6 100644
--- a/db/merge_context.h
+++ b/db/merge_context.h
@@ -36,9 +36,9 @@ class MergeContext {
       operand_list_->push_back(operand_slice);
     } else {
       // We need to have our own copy of the operand since it's not pinned
-      copied_operands_->emplace_back(operand_slice.data(),
-                                     operand_slice.size());
-      operand_list_->push_back(copied_operands_->back());
+      copied_operands_->emplace_back(
+          new std::string(operand_slice.data(), operand_slice.size()));
+      operand_list_->push_back(*copied_operands_->back());
     }
   }
 
@@ -52,9 +52,9 @@ class MergeContext {
       operand_list_->push_back(operand_slice);
     } else {
       // We need to have our own copy of the operand since it's not pinned
-      copied_operands_->emplace_back(operand_slice.data(),
-                                     operand_slice.size());
-      operand_list_->push_back(copied_operands_->back());
+      copied_operands_->emplace_back(
+          new std::string(operand_slice.data(), operand_slice.size()));
+      operand_list_->push_back(*copied_operands_->back());
     }
   }
 
@@ -88,7 +88,7 @@ class MergeContext {
   void Initialize() {
     if (!operand_list_) {
       operand_list_.reset(new std::vector<Slice>());
-      copied_operands_.reset(new std::vector<std::string>());
+      copied_operands_.reset(new std::vector<std::unique_ptr<std::string>>());
     }
   }
 
@@ -109,7 +109,7 @@ class MergeContext {
   // List of operands
   std::unique_ptr<std::vector<Slice>> operand_list_;
   // Copy of operands that are not pinned.
-  std::unique_ptr<std::vector<std::string>> copied_operands_;
+  std::unique_ptr<std::vector<std::unique_ptr<std::string>>> copied_operands_;
   bool operands_reversed_ = true;
 };