diff options
author | Florian Weimer <fweimer@redhat.com> | 2019-02-15 21:27:01 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2019-02-15 21:27:01 +0100 |
commit | 067fc32968b601493f4b247a3ac00caeea3f3d61 (patch) | |
tree | 0e2b7618cbaefef297198842834e947b6bec4cb3 /ChangeLog | |
parent | c096b008d2671028c21ac8cf01f18a2083e73c44 (diff) | |
download | glibc-067fc32968b601493f4b247a3ac00caeea3f3d61.tar.gz glibc-067fc32968b601493f4b247a3ac00caeea3f3d61.tar.xz glibc-067fc32968b601493f4b247a3ac00caeea3f3d61.zip |
nptl: Fix invalid Systemtap probe in pthread_join [BZ #24211]
After commit f1ac7455831546e5dca0ed98fe8af2686fae7ce6 ("arm: Use "nr" constraint for Systemtap probes [BZ #24164]"), we load pd->result into a register in the probe below: /* Free the TCB. */ __free_tcb (pd); } else pd->joinid = NULL; LIBC_PROBE (pthread_join_ret, 3, threadid, result, pd->result); However, at this point, the thread descriptor has been freed. If the thread stack does not fit into the thread stack cache, the memory will have been unmapped, and the program will crash in the probe. (cherry picked from commit bc10e22c90e42613bd5dafb77b80a9ea1759dd1b)
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index d363be4620..a6a0ce19ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2019-02-15 Florian Weimer <fweimer@redhat.com> + + [BZ #24211] + * nptl/pthread_join_common.c (__pthread_timedjoin_ex): Do not read + pd->result after the thread descriptor has been freed. + 2019-02-08 Florian Weimer <fweimer@redhat.com> [BZ #24161] |