RepoMirrors
/
musl
mirror of git://git.musl-libc.org/musl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix read-after-free type error in pthread_detach 

calling __unlock on t->exitlock is not valid because __unlock reads
the waiters count after making the atomic store that could allow
pthread_exit to continue and unmap the thread's stack and the object t
points to. for now, inline the __unlock logic with an unconditional
futex wake operation so that the waiters count is not needed.

once __lock/__unlock have been made safe for self-synchronized
destruction, we could switch back to using them.
This commit is contained in:
Rich Felker 2017-10-13 23:00:34 -04:00
parent 907476925f
commit c1e27367a9
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/thread/pthread_detach.c
View File

@ -9,7 +9,8 @@ static int __pthread_detach(pthread_t t)
if (a_swap(t->exitlock, 1))
return __pthread_join(t, 0);
t->detached = 2;
__unlock(t->exitlock);
a_store(t->exitlock, 0);
__wake(t->exitlock, 1, 1);
return 0;
}