mysticmode/plan9port
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

libthread: fix use after free of first thread in each proc

Browse Source 
This was causing sporadic but frequent crashes at startup
in 9pserve on the new M1 Macs, correctly diagnosing a
use-after-free.
This commit is contained in:
Russ Cox
2020-12-15 00:05:17 -05:00
parent a012d17433
commit 2991442aef
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/libthread/thread.c
View File

@@ -411,6 +411,13 @@ Top:
p->nthread--; p->nthread--;
/*print("nthread %d\n", p->nthread); */ /*print("nthread %d\n", p->nthread); */
_threadstkfree(t->stk, t->stksize); _threadstkfree(t->stk, t->stksize);
/*
* Cannot free p->thread0 yet: it is used for the
* context switches back to the scheduler.
* Instead, we will free it at the end of this function.
* But all the other threads can be freed now.
*/
if(t != p->thread0)
free(t); free(t);
} }
@@ -490,6 +497,7 @@ Out:
unlock(&threadnproclock); unlock(&threadnproclock);
unlock(&p->lock); unlock(&p->lock);
_threadsetproc(nil); _threadsetproc(nil);
free(p->thread0);
free(p); free(p);
_threadpexit(); _threadpexit();
} }