Hotfix for invalid Systemtap probe in pthread_join (#1674280)

glibc-rh1674280.patch

@@ -0,0 +1,26 @@
+Fix a user-after-free bug in the Systemtap probe in
+__pthread_timedjoin_ex:
+
+      /* Free the TCB.  */
+      __free_tcb (pd);
+    }
+  else
+    pd->joinid = NULL;
+
+  LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result);
+
+__free_tcb has freed the stack, the access pd->result is invalid.
+
+diff --git a/nptl/pthread_join_common.c b/nptl/pthread_join_common.c
+index ecb78ffba5861bdc..45deba6a74c5efd2 100644
+--- a/nptl/pthread_join_common.c
++++ b/nptl/pthread_join_common.c
+@@ -101,7 +101,7 @@ __pthread_timedjoin_ex (pthread_t threadid, void **thread_return,
+   else
+     pd->joinid = NULL;
+ 
+-  LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result);
++  LIBC_PROBE (pthread_join_ret, 3, threadid, result, result);
+ 
+   return result;
+ }

glibc.spec

@@ -87,7 +87,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 6%{?dist}
+Release: 7%{?dist}
 
 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@@ -158,6 +158,7 @@ Patch18: glibc-c-utf8-locale.patch
 Patch23: glibc-python3.patch
 Patch28: glibc-rh1615608.patch
 Patch29: glibc-rh1670028.patch
+Patch99: glibc-rh1674280.patch
 
 ##############################################################################
 # Continued list of core "glibc" package information:
@@ -1889,6 +1890,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
 
 %changelog
+* Mon Feb 11 2019 Florian Weimer <fweimer@redhat.com> - 2.29-7
+- Hotfix for invalid Systemtap probe in pthread_join (#1674280)
+
 * Mon Feb 11 2019 Florian Weimer <fweimer@redhat.com> - 2.29-6
 - Remove LRA bug on POWER workaround, fixed in gcc-9.0.1-0.4.fc30 (#1673018)