AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-22 13:00:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

htl: Clear kernel_thread field before releasing the thread structure

Browse Source 
Otherwise this is a use-after-free.
This commit is contained in:
Samuel Thibault 2022-01-15 21:30:17 +01:00
parent 630d2568a1
commit c1105e34ac
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sysdeps/mach/htl/pt-thread-terminate.c
View File

@ -62,15 +62,15 @@ __pthread_thread_terminate (struct __pthread *thread)
? __mig_get_reply_port () : MACH_PORT_NULL;
__mach_port_deallocate (__mach_task_self (), self_ktid);
/* The kernel thread won't be there any more. */
thread->kernel_thread = MACH_PORT_DEAD;
/* Finally done with the thread structure. */
__pthread_dealloc (thread);
/* The wake up port is now no longer needed. */
__mach_port_destroy (__mach_task_self (), wakeup_port);
/* The kernel thread won't be there any more. */
thread->kernel_thread = MACH_PORT_DEAD;
/* Terminate and release all that's left. */
err = __thread_terminate_release (kernel_thread, mach_task_self (),
kernel_thread, reply_port,