Home Verkennen Help
Inloggen
hongwenjun
/
musl
spiegel van https://git.musl-libc.org/git/musl
1
0
Vork 0
Bestanden Issues 0 Wiki
Bladeren bron

fix read-after-free type error in pthread_detach

calling __unlock on t->exitlock is not valid because __unlock reads
the waiters count after making the atomic store that could allow
pthread_exit to continue and unmap the thread's stack and the object t
points to. for now, inline the __unlock logic with an unconditional
futex wake operation so that the waiters count is not needed.

once __lock/__unlock have been made safe for self-synchronized
destruction, we could switch back to using them.
Rich Felker 7 jaren geleden
bovenliggende
907476925f
commit
c1e27367a9
1 gewijzigde bestanden met toevoegingen van 2 en 1 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 2 1
      src/thread/pthread_detach.c

+ 2 - 1
src/thread/pthread_detach.c
Bestand weergeven 

@@ -9,7 +9,8 @@ static int __pthread_detach(pthread_t t)
 
 	if (a_swap(t->exitlock, 1))
 
 		return __pthread_join(t, 0);
 
 	t->detached = 2;
 
-	__unlock(t->exitlock);
 
+	a_store(t->exitlock, 0);
 
+	__wake(t->exitlock, 1, 1);
 
 	return 0;
 
 }