Message-ID: <1371376451.16425.370.camel@eris.loria.fr> Date: Sun, 16 Jun 2013 11:55:22 +0200 From: Jens Gustedt <Jens.Gustedt@...ia.fr> To: musl@...ts.openwall.com Subject: [PATCH] bugfix: invalid use of cb in io_thread after suspension of the thread It seems that the buffer variable to which cb is pointing can be recycled since long when the thread returns from the previous call to wake. At least valgrind found that the address that cb was pointing to at line in question hasn't been returned by malloc since long time before. The fix is easy: the event structure has been copied onto the stack of the thread, anyhow, so just use that copy. --- src/aio/aio_readwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aio/aio_readwrite.c b/src/aio/aio_readwrite.c index e4c95aa..666372d 100644 --- a/src/aio/aio_readwrite.c +++ b/src/aio/aio_readwrite.c @@ -51,7 +51,7 @@ static void *io_thread(void *p) __aio_wake(); - switch (cb->aio_sigevent.sigev_notify) { + switch (sev.sigev_notify) { case SIGEV_SIGNAL: notify_signal(&sev); break; -- 1.7.9.5
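Review bot: in the hunk at `@@ -51,7 +51,7 @@`, the replacement `switch (sev.sigev_notify)` is only safe if `sev` was filled from `cb->aio_sigevent` before the `__aio_wake();` call shown in the context, and that assignment is outside the visible lines, so please confirm its position or widen the context to show it. The existing `notify_signal(&sev);` in the `SIGEV_SIGNAL` case already uses the stack copy, so the change makes the switch consistent with it, but the remaining cases of the switch are not visible here and should be checked for any other `cb->` dereference after `__aio_wake()`. A short comment above the switch stating that `cb` must not be touched once `__aio_wake()` has returned would keep the read of freed memory that valgrind reported from being reintroduced.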