[hurd,commited] htl: Clear kernel_thread field before releasing the thread structure
Checks
Commit Message
Otherwise this is a use-after-free.
---
sysdeps/mach/htl/pt-thread-terminate.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
@@ -62,15 +62,15 @@ __pthread_thread_terminate (struct __pthread *thread)
? __mig_get_reply_port () : MACH_PORT_NULL;
__mach_port_deallocate (__mach_task_self (), self_ktid);
+ /* The kernel thread won't be there any more. */
+ thread->kernel_thread = MACH_PORT_DEAD;
+
/* Finally done with the thread structure. */
__pthread_dealloc (thread);
/* The wake up port is now no longer needed. */
__mach_port_destroy (__mach_task_self (), wakeup_port);
- /* The kernel thread won't be there any more. */
- thread->kernel_thread = MACH_PORT_DEAD;
-
/* Terminate and release all that's left. */
err = __thread_terminate_release (kernel_thread, mach_task_self (),
kernel_thread, reply_port,