Mesa (staging/21.2): egl: set TSD as NULL after deinit

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Fri Oct 15 16:06:53 UTC 2021


Module: Mesa
Branch: staging/21.2
Commit: 84a54880cef5ac3f2d64c144de162e303384e8db
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=84a54880cef5ac3f2d64c144de162e303384e8db

Author: Maniraj D <md at nvidia.com>
Date:   Mon Oct 11 22:55:02 2021 +0530

egl: set TSD as NULL after deinit

When eglReleaseThread() is called from application's
destructor (API with __attribute__((destructor))),
it crashes due to invalid memory access.

In this case, _egl_TLS is freed in the flow of
_eglAtExit() as below but _egl_TLS is not set to NULL.

    _eglDestroyThreadInfo
        _eglFiniTSD
            _eglAtExit
                _run_exit_handlers
                    exit

Later when the eglReleaseThread is called from
application's destructor, it ends up accessing
the freed _egl_TLS pointer.

    eglReleaseThread -> in libEGL_mesa
        eglReleaseThread -> in libEGL(glvnd)
            destructor() -> App's destructor

To resolve the invalid access, setting the _egl_TLS
pointer as NULL after freeing it.

Reviewed-by: Eric Engestrom <eric at engestrom.ch>
Reviewed-by: Jesse Natalie <jenatali at microsoft.com>
Reviewed-by: Tapani Pälli <tapani.palli at intel.com>
Cc: mesa-stable

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5466
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/13302>
(cherry picked from commit 796c9ab3fd6b897ae3b3c069568182178c7661d4)

---

 .pick_status.json         | 2 +-
 src/egl/main/eglcurrent.c | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.pick_status.json b/.pick_status.json
index 19c1a789eaf..58dc8595676 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -328,7 +328,7 @@
         "description": "egl: set TSD as NULL after deinit",
         "nominated": true,
         "nomination_type": 0,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": null
     },
diff --git a/src/egl/main/eglcurrent.c b/src/egl/main/eglcurrent.c
index 11277d3e4c0..401515ca396 100644
--- a/src/egl/main/eglcurrent.c
+++ b/src/egl/main/eglcurrent.c
@@ -130,8 +130,14 @@ _eglCreateThreadInfo(void)
 static void
 _eglDestroyThreadInfo(_EGLThreadInfo *t)
 {
-   if (t != &dummy_thread)
+   if (t != &dummy_thread) {
       free(t);
+#ifdef USE_ELF_TLS
+      /* Reset the TLS also here, otherwise
+       * it will be having a dangling pointer */
+      _egl_TLS = NULL;
+#endif
+   }
 }
 
 
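Review bot: The added `_egl_TLS = NULL;` in `_eglDestroyThreadInfo()` runs for any `t` other than `&dummy_thread`, without checking that `t` is the pointer currently held in `_egl_TLS`. If the function is ever reached with a thread info that is not the calling thread's TLS value, this would clear that thread's still-valid pointer; writing it as `if (_egl_TLS == t) _egl_TLS = NULL;` ties the reset to the object actually being freed. The reset is also compiled only under `USE_ELF_TLS`, so it would help to state in the comment or the commit message whether the non-ELF-TLS build can be left holding the freed pointer in the same exit sequence, since the crash described is a use-after-free on that path's equivalent state. Minor: the comment could read "otherwise _egl_TLS is left dangling".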


