fix(read_env): only advertise inline_completion for set_value_t#2112
Open
nebkat wants to merge 1 commit into
Open
fix(read_env): only advertise inline_completion for set_value_t#2112nebkat wants to merge 1 commit into
nebkat wants to merge 1 commit into
Conversation
Contributor
|
I think the more fundamental cause lies in a flaw of the current |
Author
|
Right, I did think that was unusual! I presume this is still the correct completion behavior for a sender which only completes with |
Collaborator
ericniebler
reviewed
Jun 17, 2026
nebkat
force-pushed
the
fix/read_env-attrs-set-value-only
branch
2 times, most recently
from
a3791fd to
1e412f7
Compare
ericniebler
requested changes
Jun 18, 2026
| } | ||
|
|
||
| STDEXEC_ATTRIBUTE(nodiscard) | ||
| constexpr auto query(__get_completion_behavior_t<set_error_t>) const noexcept |
Collaborator
There was a problem hiding this comment.
this should be constrained on whether the query expression is potentially throwing.
nebkat
force-pushed
the
fix/read_env-attrs-set-value-only
branch
from
1e412f7 to
4aa7567
Compare
`read_env`'s `__attrs::query` was a member template, so it returned
`inline_completion` for every completion tag - even `set_stopped_t`,
which read_env never sends. That made `let_value` mistakenly classify
chains like
read_env(q) | let_value([](auto v) { return some_async_sender; })
as inline-completing. The check `__never_sends || behavior ==
inline_completion` passed for every tag because read_env claimed inline
across the board.
`__as_awaitable` then picked the inline `__sender_awaiter`, which holds
the operation state as a local in `await_suspend` and destroys it at the
closing brace. For any inner sender that hadn't actually completed by
then, this is a use-after-free.
Bind the query to the tags read_env actually completes with: always
`set_value_t`, and `set_error_t(exception_ptr)` only when the query is
potentially throwing - both complete inline within `start()`, matching
the completion signatures.
nebkat
force-pushed
the
fix/read_env-attrs-set-value-only
branch
from
4aa7567 to
9a30194
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
read_env's__attrs::querywas a member template, so it returnedinline_completionfor every completion tag - evenset_error_tandset_stopped_t, which read_env never sends. That madelet_valuemistakenly classify chains likeas inline-completing. The check
__never_sends || behavior == inline_completionpassed for every tag because read_env claimed inline across the board.__as_awaitablethen picked the inline__sender_awaiter, which holds the operation state as a local inawait_suspendand destroys it at the closing brace. For any inner sender that hadn't actually completed by then, this is a use-after-free.Example: Godbolt
Drop the
_SetTagtemplate parameter and bind the query directly toset_value_t- the only tag read_env sends - matching what__just::__attrsalready does. The other tags now fall through to__unknown, the inline check correctly fails, and the non-inline awaiter gets selected.