forked from rpms/glibc
27 lines
754 B
Diff
27 lines
754 B
Diff
Fix a user-after-free bug in the Systemtap probe in
|
|
__pthread_timedjoin_ex:
|
|
|
|
/* Free the TCB. */
|
|
__free_tcb (pd);
|
|
}
|
|
else
|
|
pd->joinid = NULL;
|
|
|
|
LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result);
|
|
|
|
__free_tcb has freed the stack, the access pd->result is invalid.
|
|
|
|
diff --git a/nptl/pthread_join_common.c b/nptl/pthread_join_common.c
|
|
index ecb78ffba5861bdc..45deba6a74c5efd2 100644
|
|
--- a/nptl/pthread_join_common.c
|
|
+++ b/nptl/pthread_join_common.c
|
|
@@ -101,7 +101,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return,
|
|
else
|
|
pd->joinid = NULL;
|
|
|
|
- LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result);
|
|
+ LIBC_PROBE (pthread_join_ret, 3, threadid, result, result);
|
|
|
|
return result;
|
|
}
|