September 15, 2016 [D-runtime] [dlang/druntime] b22d81: sections_elf_shared: Do not access TLS of dead thr... | ||||
---|---|---|---|---|
| ||||
Attachments:
| Branch: refs/heads/master Home: https://github.com/dlang/druntime Commit: b22d813d0b16d694d9dbd664b247f7949b4354fa https://github.com/dlang/druntime/commit/b22d813d0b16d694d9dbd664b247f7949b4354fa Author: David Nadlinger <code@klickverbot.at> Date: 2016-09-11 (Sun, 11 Sep 2016) Changed paths: M src/rt/sections_elf_shared.d Log Message: ----------- sections_elf_shared: Do not access TLS of dead thread in finiTLSRanges() finiTLSRanges() is called from the destructor of core.Thread. At this point, the OS thread has already ceased to exist, so what was formerly a pointer to _loadedDSOs is no longer valid. In other words, `tdsos.reset()` was a use-after-free bug. It is unclear why the issue didn't surface on Linux/FreeBSD yet; for example, glibc might not actually re-use the TLS address range after a thread exits. On OS X, however, this did quite frequently trigger a crash when running the Phobos unit tests, since `tdsos` would have already been overwritten with unrelated contents. Commit: d0d8c6f164d861e85d7f2d25b10f038dccd6626f https://github.com/dlang/druntime/commit/d0d8c6f164d861e85d7f2d25b10f038dccd6626f Author: Walter Bright <WalterBright@users.noreply.github.com> Date: 2016-09-15 (Thu, 15 Sep 2016) Changed paths: M src/rt/sections_elf_shared.d Log Message: ----------- Merge pull request #1655 from klickverbot/thread-dsos-use-after-free sections_elf_shared: Do not access TLS of dead thread in finiTLSRanges() Compare: https://github.com/dlang/druntime/compare/c4dc18549042...d0d8c6f164d8 |
Copyright © 1999-2021 by the D Language Foundation