libthread: fix use after free of first thread in each proc
This was causing sporadic but frequent crashes at startup in 9pserve on the new M1 Macs; the crashes were correctly diagnosing a real use-after-free of each proc's first thread.
parent
a012d17433
commit
2991442aef
1 changed files with 9 additions and 1 deletions
|
|
@ -411,7 +411,14 @@ Top:
|
||||||
p->nthread--;
|
p->nthread--;
|
||||||
/*print("nthread %d\n", p->nthread); */
|
/*print("nthread %d\n", p->nthread); */
|
||||||
_threadstkfree(t->stk, t->stksize);
|
_threadstkfree(t->stk, t->stksize);
|
||||||
free(t);
|
/*
|
||||||
|
* Cannot free p->thread0 yet: it is used for the
|
||||||
|
* context switches back to the scheduler.
|
||||||
|
* Instead, we will free it at the end of this function.
|
||||||
|
* But all the other threads can be freed now.
|
||||||
|
*/
|
||||||
|
if(t != p->thread0)
|
||||||
|
free(t);
|
||||||
}
|
}
|
||||||
|
|
||||||
for(;;){
|
for(;;){
|
||||||
|
|
@ -490,6 +497,7 @@ Out:
|
||||||
unlock(&threadnproclock);
|
unlock(&threadnproclock);
|
||||||
unlock(&p->lock);
|
unlock(&p->lock);
|
||||||
_threadsetproc(nil);
|
_threadsetproc(nil);
|
||||||
|
free(p->thread0);
|
||||||
free(p);
|
free(p);
|
||||||
_threadpexit();
|
_threadpexit();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
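Review bot: The new guard `if(t != p->thread0)` keeps the `_Thread` struct alive, but `_threadstkfree(t->stk, t->stksize)` on the line just above it still runs for thread0 in the same pass, so only the struct, not its stack, survives until `Out:`. If the context switch back to the scheduler that the comment mentions actually executes on thread0's stack, that stack is now released while still in use; if thread0 instead runs on the proc's native stack (so `t->stk` is nil or unused there), the comment should say so, e.g. `* Only the _Thread struct is needed for that; thread0's stk is not used after this point.`. In the second hunk, the deferred `free(p->thread0)` has no matching `_threadstkfree`, which is consistent only with the stack having been freed (or never allocated) in the first hunk, so it is worth stating that invariant next to the free. The enclosing function starts before the first hunk, so the point where `t` is bound is not visible here.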