From 0bed890bc61542cac8b0785136a7620e33206aa0 Mon Sep 17 00:00:00 2001
From: Martin Whitaker
Date: Sun, 17 Sep 2017 19:48:54 +0100
Subject: [PATCH] Fix use after free bug in vvp when a task or function is disabled.

Use test_joinable() and do_join() to ensure everything gets cleaned up before the thread is reaped. This should fix br1016, br1017, and br1018.
---
 vvp/vthread.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vvp/vthread.cc b/vvp/vthread.cc
index cabd75ccf..d9e34b1d7 100644
--- a/vvp/vthread.cc
+++ b/vvp/vthread.cc
@@ -2325,7 +2325,7 @@ static bool do_disable(vthread_t thr, vthread_t match)
 }
 vthread_t parent = thr->parent;
- if (parent && parent->i_am_joining) {
+ if (parent && parent->i_am_joining && test_joinable(parent, thr)) {
 // If a parent is waiting in a %join, wake it up. Note
 // that it is possible to be waiting in a %join yet
 // already scheduled if multiple child threads are
@@ -2335,7 +2335,7 @@ static bool do_disable(vthread_t thr, vthread_t match)
 if (! parent->i_have_ended)
 schedule_vthread(parent, 0, true);
- // Let the parent do the reaping.
+// do_join(parent, thr);
 vthread_reap(thr);
 } else if (parent) {
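Review bot: The new condition in the first hunk gates the wake-up on `test_joinable(parent, thr)`, but nothing in the hunk records why a parent that is already `i_am_joining` might still not be joinable for this particular child, and when the test fails control drops into the `else if (parent)` branch, whose body is outside the hunk. A one-line comment on the new condition would make the intent durable: `// Only wake the parent if it is actually waiting on this child; a joining parent may be blocked on a different one.` I am inferring the meaning of test_joinable() from its name and the commit message; its definition is not part of the patch. do_disable() begins and ends outside the hunk.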
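Review bot: The added line in the second hunk is printed as `+// do_join(parent, thr);`, which as shown leaves the do_join() call commented out, so the following `vthread_reap(thr);` would still free the child without the join bookkeeping the commit message says must happen first, and the use-after-free described in the title would not be closed on this path. If the `//` is an extraction artifact and the committed line is `do_join(parent, thr);`, the code does match the description, but please confirm against the repository. Since the removed line was the only explanation at this spot, a why-comment above the call would help the next reader: `// Detach thr from the parent's join state before reaping it, so the parent never touches a freed child.` do_disable() begins and ends outside the hunk, and do_join() is defined elsewhere in the file.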