| | | |
|---|---|---|
| author | Sergey Bugaev <bugaevc@gmail.com> | 2023-05-17 22:14:32 +0300 |
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-05-17 22:59:50 +0200 |
| commit | c7fcce38c83a2bb665ef5dc4981bf20c7e586123 (patch) | |
| tree | 5f8c474fc9c8af09835e720f74060b1b1b27d23b /sysdeps/mach/thread_state.h | |
| parent | aa19c68d2bdf3a831894f609b8ac5c8f123268b2 (diff) | |
| download | glibc-c7fcce38c83a2bb665ef5dc4981bf20c7e586123.tar.gz glibc-c7fcce38c83a2bb665ef5dc4981bf20c7e586123.tar.xz glibc-c7fcce38c83a2bb665ef5dc4981bf20c7e586123.zip | |
hurd: Make sure to not use tcb->self
Unlike sigstate->thread, tcb->self did not hold a Mach port reference on the thread port it names. This means that the port can be deallocated, and the name reused for something else, without anyone noticing. Using tcb->self will then lead to port use-after-free.

Fortunately nothing was accessing tcb->self, other than it being initially set to then-valid thread port name upon TCB initialization. To assert that this keeps being the case without altering TCB layout, rename self -> self_do_not_use, and stop initializing it.

Also, do not (re-)allocate a whole separate and unused stack for the main thread, and just exit __pthread_setup early in this case.

Found upon attempting to use tcb->self and getting unexpected crashes.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230517191436.73636-7-bugaevc@gmail.com>
Diffstat (limited to 'sysdeps/mach/thread_state.h')
0 files changed, 0 insertions, 0 deletions