* [hurd, commited] htl: Clear kernel_thread field before releasing the thread structure
@ 2022-01-15 20:31 Samuel Thibault
0 siblings, 0 replies; only message in thread
From: Samuel Thibault @ 2022-01-15 20:31 UTC (permalink / raw)
To: libc-alpha; +Cc: Samuel Thibault, commit-hurd
Otherwise this is a use-after-free.
---
sysdeps/mach/htl/pt-thread-terminate.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sysdeps/mach/htl/pt-thread-terminate.c b/sysdeps/mach/htl/pt-thread-terminate.c
index 0cf72b330f..9bd6c3434d 100644
--- a/sysdeps/mach/htl/pt-thread-terminate.c
+++ b/sysdeps/mach/htl/pt-thread-terminate.c
@@ -62,15 +62,15 @@ __pthread_thread_terminate (struct __pthread *thread)
? __mig_get_reply_port () : MACH_PORT_NULL;
__mach_port_deallocate (__mach_task_self (), self_ktid);
+ /* The kernel thread won't be there any more. */
+ thread->kernel_thread = MACH_PORT_DEAD;
+
/* Finally done with the thread structure. */
__pthread_dealloc (thread);
/* The wake up port is now no longer needed. */
__mach_port_destroy (__mach_task_self (), wakeup_port);
- /* The kernel thread won't be there any more. */
- thread->kernel_thread = MACH_PORT_DEAD;
-
/* Terminate and release all that's left. */
err = __thread_terminate_release (kernel_thread, mach_task_self (),
kernel_thread, reply_port,
--
2.34.1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-01-15 20:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-15 20:31 [hurd, commited] htl: Clear kernel_thread field before releasing the thread structure Samuel Thibault
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).