Mesa (main): egl: set TSD as NULL after deinit
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Oct 15 06:45:56 UTC 2021
Module: Mesa
Branch: main
Commit: 796c9ab3fd6b897ae3b3c069568182178c7661d4
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=796c9ab3fd6b897ae3b3c069568182178c7661d4
Author: Maniraj D <md at nvidia.com>
Date: Mon Oct 11 22:55:02 2021 +0530
egl: set TSD as NULL after deinit
When eglReleaseThread() is called from application's
destructor (API with __attribute__((destructor))),
it crashes due to invalid memory access.
In this case, _egl_TLS is freed in the flow of
_eglAtExit() as below but _egl_TLS is not set to NULL.
_eglDestroyThreadInfo
_eglFiniTSD
_eglAtExit
_run_exit_handlers
exit
Later when the eglReleaseThread is called from
application's destructor, it ends-up accessing
the freed _egl_TLS pointer.
eglReleaseThread -> in libEGL_mesa
eglReleaseThread -> in libEGL(glvnd)
destructor() -> App's destructor
To resolve the invalid access, setting the _egl_TLS
pointer as NULL after freeing it.
Reviewed-by: Eric Engestrom <eric at engestrom.ch>
Reviewed-by: Jesse Natalie <jenatali at microsoft.com>
Reviewed-by: Tapani Pälli <tapani.palli at intel.com>
Cc: mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5466
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13302>
---
src/egl/main/eglcurrent.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/egl/main/eglcurrent.c b/src/egl/main/eglcurrent.c
index 27b09fc4623..3a82a2d0d77 100644
--- a/src/egl/main/eglcurrent.c
+++ b/src/egl/main/eglcurrent.c
@@ -131,8 +131,14 @@ _eglCreateThreadInfo(void)
static void
_eglDestroyThreadInfo(_EGLThreadInfo *t)
{
- if (t != &dummy_thread)
+ if (t != &dummy_thread) {
free(t);
+#ifdef USE_ELF_TLS
+ /* Reset the TLS also here, otherwise
+ * it will be having a dangling pointer */
+ _egl_TLS = NULL;
+#endif
+ }
}
More information about the mesa-commit
mailing list