Date: Wed, 21 Mar 2018 21:13:26 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r331324 - head/lib/libthr/thread Message-ID: <201803212113.w2LLDQXp094356@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Wed Mar 21 21:13:26 2018 New Revision: 331324 URL: https://svnweb.freebsd.org/changeset/base/331324 Log: Ensure thread library is initialized in pthread_testcancel(). Call _thr_check_init() before reading curthread in pthread_testcancel(). If a constructor in a library creates a semaphore via sem_init() and then waits for it via sem_wait(), the program can core dump in _pthread_testcancel() called from sem_wait(). This is because the semaphore implementation lives in libc, so the library's constructors can be run before libthr's constructors. Reported by: arichardson Reviewed by: kib Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA / AFRL Differential Revision: https://reviews.freebsd.org/D14786 Modified: head/lib/libthr/thread/thr_cancel.c Modified: head/lib/libthr/thread/thr_cancel.c ============================================================================== --- head/lib/libthr/thread/thr_cancel.c Wed Mar 21 21:10:49 2018 (r331323) +++ head/lib/libthr/thread/thr_cancel.c Wed Mar 21 21:13:26 2018 (r331324) @@ -132,8 +132,10 @@ _pthread_setcanceltype(int type, int *oldtype) void _pthread_testcancel(void) { - struct pthread *curthread = _get_curthread(); + struct pthread *curthread; + _thr_check_init(); + curthread = _get_curthread(); testcancel(curthread); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803212113.w2LLDQXp094356>